Location: PHPKode > projects > Shinobu > admin/pages/users.php
<?php

/* ---

	Copyright (C) 2008-2009 Frank Smit
	http://shinobu.61924.nl/

	This file is part of Shinobu.

	Shinobu is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	Shinobu is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with Shinobu. If not, see <http://www.gnu.org/licenses/>.

--- */

(!defined('SHINOBU_ADMIN')) ? exit : null;

if ($sys_user['p_manage_users'] == 0)
{
	// Set page title
	$sys_tpl->assign('page_title', $sys_lang['e_error'].' - '.$sys_config['website_title'].' Admin');

	?>

<h2><span><?php echo $sys_lang['e_error'] ?></span></h2>

<p>You have no permission to access this page</p>

	<?php
}

// Edit user
else if (isset($sys_request[2]) && $sys_request[2] == 'edit')
{
	$sys_request[3] = isset($sys_request[3]) && !empty($sys_request[3]) ? intval($sys_request[3]) : 0;
	$result = $sys_db->query('SELECT u.id, u.gid, u.username, u.password, u.salt, u.active, u.real_name, u.description, u.website, u.email, u.msn, u.yahoo, u.show_email, u.language, u.timezone, u.dst, u.register_date, g.name AS usergroup FROM '.DB_PREFIX.'users AS u INNER JOIN '.DB_PREFIX.'usergroups AS g ON u.gid=g.id WHERE u.id != '.GUEST_UID.' AND u.id='.$sys_request[3].' LIMIT 1') or error($sys_db->error(), __FILE__, __LINE__);

	if ($sys_db->num_rows($result) > 0)
	{
		$user = $sys_db->fetch_assoc($result);

		// Update user
		if (isset($_POST['frm-submit']) && check_token())
		{
			$form = array_map('system_trim', $_POST['form']);
			$errors = $password_change = false;

			// Usergroup check
			$form['usergroup'] = isset($form['user-status']) ? intval($form['usergroup']) : $user['gid'];
			if ($form['usergroup'] != $user['gid'] && $form['usergroup'] != GUEST_GID && $user['id'] != 2)
			{
				$result = $sys_db->query('SELECT g.id, g.name FROM '.DB_PREFIX.'usergroups AS g WHERE id != '.GUEST_GID) or error($sys_db->error(), __FILE__, __LINE__);

				if ($sys_db->num_rows($result) < 1)
					$form['usergroup'] = $user['gid'];
			}
			else
				$form['usergroup'] = $user['gid'];

			if (isset($form['user-status']) && $user['id'] != 2)
				$form['user-status'] = $form['user-status'] == 1 ? 1 : 0;
			else
				$form['user-status'] = $user['active'];

			// Check username
			if ($sys_config['allow_username_change'] == 1 && $form['username'] != $user['username'])
			{
				// Remove double spaces (from FluxBB 1.3)
				$form['username'] = preg_replace('#\s+#s', ' ', system_trim($form['username']));

				// Look in database
				$result = $sys_db->query('SELECT username FROM '.DB_PREFIX.'users WHERE UPPER(username)=UPPER(\''.$sys_db->escape($form['username']).'\') OR UPPER(username)=UPPER(\''.$sys_db->escape(preg_replace('/[^\w]/', '', $form['username'])).'\')') or error($sys_db->error(), __FILE__, __LINE__);

				// Check username
				if (empty($form['username']))
					$errors['username'] = 'You haven\'t entered a username.';
				else if (utf8_strlen($form['username']) <= 2)
					$errors['username'] = 'Your username is too short.';
				else if (utf8_strlen($form['username']) > 20)
					$errors['username'] = 'Your username is too long.';
				else if ($sys_db->num_rows($result))
					$errors['username'] = 'This username is already taken.';
				else
					$form['username'] = $form['username'];
			}
			else
				$form['username'] = $user['username'];

			// Check e-mail
			if (!empty($form['email']))
			{
				if (!check_email($form['email']))
					$errors['email'] = 'You have entered an invalid e-mail address.';
				else if (strlen($form['email']) > 80)
					$errors['email'] = 'The e-mail address you entered is too long.';
			}
			else
				$errors['email'] = 'You haven\'t entered an e-mail address.';

			// Real name
			if (utf8_strlen($form['realname']) > 255)
				$errors['realname'] = 'Your real name is too long.';

			// User description
			$form['description'] = convert_linebreaks($form['description']);
			if (utf8_strlen($form['description']) > 2000)
				$errors['description'] = 'Your description is too long.';

			// Password change
			if (!empty($form['newpw1']) && !empty($form['newpw2']))
			{
				if (utf8_strlen($form['newpw1']) >= 6)
					if (empty($form['newpw1']))
						$errors['newpw1'] = 'You haven\'t entered a new password.';
				else
					$errors['newpw1'] = 'Your new password is too short.';

				if (empty($form['newpw2']))
					$errors['newpw2'] = 'You haven\'t confirmed the new password.';
				else if ($form['newpw2'] !== $form['newpw1'])
					$errors['newpw2'] = 'Confermation password does not match new password.';

				$password_change = true;
			}

			// Check url
			if (!empty($form['website']))
			{
				if (!check_url($form['website']))
					$errors['website'] = 'You entered an invalid website adress.';
				else if (strlen($form['website']) > 100)
					$errors['website'] = 'The website address you entered is too long.';
			}

			// Check MSN
			if (!empty($form['msn']))
			{
				if (!check_email($form['msn']))
					$errors['msn'] = 'You have entered an invalid msn address.';
				else if (strlen($form['msn']) > 100)
					$errors['msn'] = 'The msn address you entered is too long.';
			}

			// Check Yahoo!
			if (!empty($form['yahoo']))
			{
				if (!check_email($form['yahoo']))
					$errors['yahoo'] = 'You have entered an invalid Yahoo! address.';
				else if (strlen($form['yahoo']) > 100)
					$errors['yahoo'] = 'The Yahoo! address you entered is too long.';
			}

			// Email settings
			$form['email-setting'] = intval($form['email-setting']);

			// Language
			if (!in_array($form['language'], get_languages()))
				$form['language'] = $sys_config['language'];

			// Time zone
			if (is_float($form['timezone']))
				$form['timezone'] = 0;

			// DST
			$form['dst'] = isset($form['dst']) && $form['dst'] == 1 ? 1 : 0;

			// Process
			if ($errors === false)
			{
				// put stuff in db and redirect
				$sys_db->query('
					UPDATE
						'.DB_PREFIX.'users
					SET
						gid=\''.$form['usergroup'].'\',
						username=\''.$sys_db->escape($form['username']).'\',
						active='.$form['user-status'].',
						email=\''.$sys_db->escape($form['email']).'\',
						real_name=\''.$sys_db->escape($form['realname']).'\',
						description=\''.$sys_db->escape($form['description']).'\',
						'.($password_change === false ? NULL : 'password=\''.$sys_db->escape(generate_password($form['newpw1'], $user['salt'])).'\', ').'
						website=\''.$sys_db->escape($form['website']).'\',
						msn=\''.$sys_db->escape($form['msn']).'\',
						yahoo=\''.$sys_db->escape($form['yahoo']).'\',
						show_email='.$form['email-setting'].',
						language=\''.$sys_db->escape($form['language']).'\',
						timezone='.$sys_db->escape($form['timezone']).',
						dst='.$form['dst'].'
					WHERE
						id='.intval($user['id'])) or error($sys_db->error(), __FILE__, __LINE__);

				header('location: '.ADMIN_URL.URI_PREFIX.'users/edited'.URI_SUFFIX); exit;
			}
		}

		// Set page title
		$sys_tpl->assign('page_title', 'Edit user - '.$sys_config['website_title'].' Admin');

		?>

<h2>Edit user: <?php echo $user['username'] ?></h2>

<form method="post" accept-charset="utf-8" action="<?php echo ADMIN_URL, URI_PREFIX, 'users/edit/', $sys_request[3], URI_SUFFIX ?>">

	<div>
		<input type="hidden" name="token" value="<?php echo SYS_TOKEN ?>" />
	</div>

	<ul class="frm-vc">
		<?php if ($user['id'] != 2): ?>
		<li class="frm-title">
			<h3>Administration</h3>
		</li>

		<li class="frm-block">Ban, (de)activate or assign an usergroup to the user.</li>

		<li class="frm-block">
			<div class="fld-label"><label for="fld-0">Usergroup:</label></div>
			<div class="fld-text">
				<select id="fld-0" name="form[usergroup]">

				<?php

				$result = $sys_db->query('SELECT g.id, g.name FROM '.DB_PREFIX.'usergroups AS g WHERE id != '.GUEST_GID) or error($sys_db->error(), __FILE__, __LINE__);
				while ($row = $sys_db->fetch_assoc($result))
					echo '<option value ="', $row['id'], '" ', ($row['id'] == $user['gid'] ? ' selected="selected"' : null).'>', utf8_htmlencode($row['name']), '</option>', "\n";

				?>

				</select>
			</div>
		</li>

		<li class="frm-block">
			<div class="fld-label"><label>User status:</label></div>
			<div class="fld-text">
				<div><label for="fld-1"><input type="radio" id="fld-1" name="form[user-status]" value="0" <?php echo $user['active'] == 0 ? 'checked="checked"' : null ?> /> Deactivated.</label></div>
				<div><label for="fld-2"><input type="radio" id="fld-2" name="form[user-status]" value="1" <?php echo $user['active'] == 1 ? 'checked="checked"' : null ?> /> Activated.</label></div>
			</div>
		</li>
		<?php endif; ?>

		<li class="frm-title">
			<h3>Account information</h3>
		</li>

		<li class="frm-block">Essential account information.</li>

		<li class="frm-block<?php echo isset($errors['username']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-3">Username:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[username]" id="fld-3" maxlength="20" value="<?php echo isset($form['username']) ? utf8_htmlencode($form['username']) : utf8_htmlencode($user['username']) ?>" /></div>
			<?php echo isset($errors['username']) ? '<span class="fld-error-message">'.$errors['username'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['email']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-4">E-mail:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[email]" id="fld-4" maxlength="100" value="<?php echo $user['email'] ?>" /></div>
			<?php echo isset($errors['email']) ? '<span class="fld-error-message">'.$errors['email'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['realname']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-5">Real name:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[realname]" id="fld-5" maxlength="255" value="<?php echo utf8_htmlencode($user['real_name']) ?>" /></div>
			<?php echo isset($errors['realname']) ? '<span class="fld-error-message">'.$errors['realname'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['description']) ? ' form-error' : null ?>">
			<div class="fld-label">
				<label for="fld-6">Description:</label>
				<div class="fld-desc">Personal information about the user.</div>
			</div>
			<div class="fld-input"><textarea name="form[description]" id="fld-6" rows="10" cols="50"><?php echo utf8_htmlencode($user['description']) ?></textarea></div>
			<?php echo isset($errors['description']) ? '<span class="fld-error-message">'.$errors['description'].'</span>' : null ?>
		</li>

		<li class="frm-title">
			<h3>Change password</h3>
		</li>

		<li class="frm-block">Password must atleast be 6 characters long and it is advised to use a mixture of (capital) characters and numbers.</li>

		<li class="frm-block<?php echo isset($errors['newpw1']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-7">New password:</label></div>
			<div class="fld-input"><input class="text" type="password" name="form[newpw1]" id="fld-7" maxlength="100" /></div>
			<?php echo isset($errors['newpw1']) ? '<span class="fld-error-message">'.$errors['newpw1'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['newpw2']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-8">Confirm:</label></div>
			<div class="fld-input"><input class="text" type="password" name="form[newpw2]" id="fld-8" maxlength="100" /></div>
			<?php echo isset($errors['newpw2']) ? '<span class="fld-error-message">'.$errors['newpw2'].'</span>' : null ?>
		</li>

		<li class="frm-title">
			<h3>Contact information</h3>
		</li>

		<li class="frm-block">This information will be displayed in public.</li>

		<li class="frm-block<?php echo isset($errors['website']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-9">Website:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[website]" id="fld-9" maxlength="100" value="<?php echo $user['website'] ?>" /></div>
			<?php echo isset($errors['website']) ? '<span class="fld-error-message">'.$errors['website'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['msn']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-10">MSN:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[msn]" id="fld-10" maxlength="100" value="<?php echo $user['msn'] ?>" /></div>
			<?php echo isset($errors['msn']) ? '<span class="fld-error-message">'.$errors['msn'].'</span>' : null ?>
		</li>

		<li class="frm-block<?php echo isset($errors['yahoo']) ? ' form-error' : null ?>">
			<div class="fld-label"><label for="fld-11">Yahoo!:</label></div>
			<div class="fld-input"><input class="text" type="text" name="form[yahoo]" id="fld-11" maxlength="100" value="<?php echo $user['yahoo'] ?>" /></div>
			<?php echo isset($errors['yahoo']) ? '<span class="fld-error-message">'.$errors['yahoo'].'</span>' : null ?>
		</li>

		<li class="frm-title">
			<h3>Settings</h3>
		</li>

		<li class="frm-block">E-mail, timezone, language and date display settings.</li>

		<li class="frm-block">
			<div class="fld-label"><label>E-mail settings:</label></div>
			<div class="fld-text">
				<div><label for="fld-12"><input type="radio" id="fld-12" name="form[email-setting]" value="0" <?php echo $user['show_email'] == 0 ? 'checked="checked"' : null ?> /> Hide your e-mail address for everyone.</label></div>
				<div><label for="fld-13"><input type="radio" id="fld-13" name="form[email-setting]" value="1" <?php echo $user['show_email'] == 1 ? 'checked="checked"' : null ?> /> Display your e-mail address to other users, but not to guests.</label></div>
				<div><label for="fld-14"><input type="radio" id="fld-14" name="form[email-setting]" value="2" <?php echo $user['show_email'] == 2 ? 'checked="checked"' : null ?> /> Display your e-mail address to everyone.</label></div>
			</div>
		</li>

		<li class="frm-block">
			<div class="fld-label"><label for="fld-15">Language:</label></div>
			<div class="fld-input">
				<select name="form[language]" id="fld-15">

				<?php

				$languages = get_languages();
				foreach ($languages as $language)
					echo '<option value="'.$language.'" '.($language == $user['language'] ? 'selected="selected"' : null).'>'.$language.'</option>'."\n";

				?>

				</select>
			</div>
		</li>

		<li class="frm-block">
			<div class="fld-label"><label for="fld-16">Timezone:</label></div>
			<div class="fld-text">
				<select id="fld-16" name="form[timezone]">
					<option value="-12"<?php if ($user['timezone'] == -12) echo ' selected="selected"' ?>>(UTC-12:00) International Date Line West</option>
					<option value="-11"<?php if ($user['timezone'] == -11) echo ' selected="selected"' ?>>(UTC-11:00) Niue, Samoa</option>
					<option value="-10"<?php if ($user['timezone'] == -10) echo ' selected="selected"' ?>>(UTC-10:00) Hawaii-Aleutian, Cook Island</option>
					<option value="-9.5"<?php if ($user['timezone'] == -9.5) echo ' selected="selected"' ?>>(UTC-09:30) Marquesas Islands</option>
					<option value="-9"<?php if ($user['timezone'] == -9) echo ' selected="selected"' ?>>(UTC-09:00) Alaska, Gambier Island</option>
					<option value="-8"<?php if ($user['timezone'] == -8) echo ' selected="selected"' ?>>(UTC-08:00) Pacific</option>
					<option value="-7"<?php if ($user['timezone'] == -7) echo ' selected="selected"' ?>>(UTC-07:00) Mountain</option>
					<option value="-6"<?php if ($user['timezone'] == -6) echo ' selected="selected"' ?>>(UTC-06:00) Central</option>
					<option value="-5"<?php if ($user['timezone'] == -5) echo ' selected="selected"' ?>>(UTC-05:00) Eastern</option>
					<option value="-4"<?php if ($user['timezone'] == -4) echo ' selected="selected"' ?>>(UTC-04:00) Atlantic</option>
					<option value="-3.5"<?php if ($user['timezone'] == -3.5) echo ' selected="selected"' ?>>(UTC-03:30) Newfoundland</option>
					<option value="-3"<?php if ($user['timezone'] == -3) echo ' selected="selected"' ?>>(UTC-03:00) Amazon, Central Greenland</option>
					<option value="-2"<?php if ($user['timezone'] == -2) echo ' selected="selected"' ?>>(UTC-02:00) Mid-Atlantic</option>
					<option value="-1"<?php if ($user['timezone'] == -1) echo ' selected="selected"' ?>>(UTC-01:00) Azores, Cape Verde, Eastern Greenland</option>
					<option value="0"<?php if ($user['timezone'] == 0) echo ' selected="selected"' ?>>(UTC) Western European, Greenwich</option>
					<option value="1"<?php if ($user['timezone'] == 1) echo ' selected="selected"' ?>>(UTC+01:00) Central European, West African</option>
					<option value="2"<?php if ($user['timezone'] == 2) echo ' selected="selected"' ?>>(UTC+02:00) Eastern European, Central African</option>
					<option value="3"<?php if ($user['timezone'] == 3) echo ' selected="selected"' ?>>(UTC+03:00) Moscow, Eastern African</option>
					<option value="3.5"<?php if ($user['timezone'] == 3.5) echo ' selected="selected"' ?>>(UTC+03:30) Iran</option>
					<option value="4"<?php if ($user['timezone'] == 4) echo ' selected="selected"' ?>>(UTC+04:00) Gulf, Samara</option>
					<option value="4.5"<?php if ($user['timezone'] == 4.5) echo ' selected="selected"' ?>>(UTC+04:30) Afghanistan</option>
					<option value="5"<?php if ($user['timezone'] == 4) echo ' selected="selected"' ?>>(UTC+05:00) Pakistan, Yekaterinburg</option>
					<option value="5.5"<?php if ($user['timezone'] == 5.5) echo ' selected="selected"' ?>>(UTC+05:30) India, Sri Lanka</option>
					<option value="5.75"<?php if ($user['timezone'] == 5.75) echo ' selected="selected"' ?>>(UTC+05:45) Nepal</option>
					<option value="6"<?php if ($user['timezone'] == 6) echo ' selected="selected"' ?>>(UTC+06:00) Bangladesh, Bhutan, Novosibirsk</option>
					<option value="6.5"<?php if ($user['timezone'] == 6.5) echo ' selected="selected"' ?>>(UTC+06:30) Cocos Islands, Myanmar</option>
					<option value="7"<?php if ($user['timezone'] == 7) echo ' selected="selected"' ?>>(UTC+07:00) Indochina, Krasnoyarsk</option>
					<option value="8"<?php if ($user['timezone'] == 8) echo ' selected="selected"' ?>>(UTC+08:00) Great China, Australian Western, Irkutsk</option>
					<option value="8.75"<?php if ($user['timezone'] == 8.75) echo ' selected="selected"' ?>>(UTC+08:45) Southeastern Western Australia</option>
					<option value="9"<?php if ($user['timezone'] == 9) echo ' selected="selected"' ?>>(UTC+09:00) Japan, Korea, Chita</option>
					<option value="9.5"<?php if ($user['timezone'] == 9.5) echo ' selected="selected"' ?>>(UTC+09:30) Australian Central</option>
					<option value="10"<?php if ($user['timezone'] == 10) echo ' selected="selected"' ?>>(UTC+10:00) Australian Eastern, Vladivostok</option>
					<option value="10.5"<?php if ($user['timezone'] == 10.5) echo ' selected="selected"' ?>>(UTC+10:30) Lord Howe</option>
					<option value="11"<?php if ($user['timezone'] == 11) echo ' selected="selected"' ?>>(UTC+11:00) Solomon Island, Magadan</option>
					<option value="11.5"<?php if ($user['timezone'] == 11.5) echo ' selected="selected"' ?>>(UTC+11:30) Norfolk Island</option>
					<option value="12"<?php if ($user['timezone'] == 12) echo ' selected="selected"' ?>>(UTC+12:00) New Zealand, Fiji, Kamchatka</option>
					<option value="12.75"<?php if ($user['timezone'] == 12.75) echo ' selected="selected"' ?>>(UTC+12:45) Chatham Islands</option>
					<option value="13"<?php if ($user['timezone'] == 13) echo ' selected="selected"' ?>>(UTC+13:00) Tonga, Phoenix Islands</option>
					<option value="14"<?php if ($user['timezone'] == 14) echo ' selected="selected"' ?>>(UTC+14:00) Line Islands</option>
				</select>
			</div>
		</li>

		<li class="frm-block">
			<div class="fld-label"><label>Adjust for DST:</label></div>
			<div class="fld-text"><label for="fld-17"><input type="checkbox" id="fld-17" name="form[dst]" value="1" <?php if ($user['dst'] == 1) echo 'checked="checked" ' ?>/>Daylight savings is in effect (advance times by 1 hour).</label></div>
		</li>

		<li class="frm-block frm-buttons">
			<div class="fld-label">&nbsp;</div>
			<div class="fld-input">
				<input type="submit" value="Edit profile" name="frm-submit" id="frm-submit" />
				<input onclick="window.location='<?php echo ADMIN_URL.URI_PREFIX.'users'.URI_SUFFIX ?>'" type="button" value="Cancel" name="frm-cancel" id="frm-cancel" />
			</div>
		</li>
	</ul>
</form>

		<?php
	}
	else
		send_404($sys_lang['e_error'], '<p>The user does not exist.</p>', false);
}

// Userlist
else
{
	if (isset($sys_request[2]) && $sys_request[2] == 'delete' && check_token(true))
	{
		$sys_request[3] = isset($sys_request[3]) ? intval($sys_request[3]) : 0;

		if ($sys_request[3] === GUEST_UID || $sys_request[3] === 2)
		{
			header('location: '.ADMIN_URL.URI_PREFIX.'users/cannot_delete'.URI_SUFFIX); exit;
		}
		else
		{
			$result = $sys_db->query('SELECT u.id FROM '.DB_PREFIX.'users AS u WHERE id='.$sys_request[3]) or error($sys_db->error(), __FILE__, __LINE__);

			if ($sys_db->num_rows($result) > 0)
			{
				$sys_db->query('DELETE FROM '.DB_PREFIX.'users WHERE id='.$sys_request[3]) or error($sys_db->error(), __FILE__, __LINE__);
				header('location: '.ADMIN_URL.URI_PREFIX.'users/deleted'.URI_SUFFIX); exit;
			}
			else
			{
				header('location: '.ADMIN_URL.URI_PREFIX.'users/delete_error'.URI_SUFFIX); exit;
			}
		}
	}

	if (isset($sys_request[2]) && $sys_request[2] == 'edited')
		$sys_tpl->add('main_content', '<div class="success">User profile has been succesfully changed.</div>');
	else if (isset($sys_request[2]) && $sys_request[2] == 'deleted')
		$sys_tpl->add('main_content', '<div class="success">User succesfully deleted.</div>');
	else if (isset($sys_request[2]) && $sys_request[2] == 'delete_error')
		$sys_tpl->add('main_content', '<div class="warning">The user you tried to delete does not exist.</div>');
	else if (isset($sys_request[2]) && $sys_request[2] == 'cannot_delete')
		$sys_tpl->add('main_content', '<div class="notice">You can\'t remove the <em>guest</em> user or the main <em>administrator</em>.</div>');

	// Set page title
	$sys_tpl->assign('page_title', 'Users - '.$sys_config['website_title'].' Admin');

	?>

<h2>Users</h2>

	<?php

	$user_filter = $user_sql = $group_sql = NULL;
	$group_filter = 0;
	$sortby_filter = 5;
	$sortorder_filter = 1;
	$sorting_sql = ' ORDER BY u.register_date ASC';

	// Reset filter
	if (isset($_POST['frm-reset']))
	{
		header('location: '.ADMIN_URL.URI_PREFIX.'users'.URI_SUFFIX); exit;
	}

	// Process filter
	if (isset($_POST['frm-submit']) && check_token())
	{
		$form = array_map('system_trim', $_POST['form']);

		$form['username'] = !empty($form['username']) ? base64_url_encode($form['username']) : 0;
		$form['usergroup'] = intval($form['usergroup']);
		$form['sortby'] = intval($form['sortby']);
		$form['sortorder'] = intval($form['sortorder']);

		header('location: '.ADMIN_URL.URI_PREFIX.'users'.URI_SUFFIX.'&filter='.implode('/', $form)); exit;
	}

	// Apply filter
	if (isset($_GET['filter']))
	{
		list($user_filter, $group_filter, $sortby_filter, $sortorder_filter) = explode('/', $_GET['filter']);

		$group_filter = intval($group_filter);
		$sortby_filter = intval($sortby_filter);
		$sortorder_filter = intval($sortorder_filter);

		if (utf8_strlen($user_filter) > 1)
			$user_sql = ' AND u.username=\''.$sys_db->escape(base64_url_decode($user_filter)).'\'';

		if ($group_filter > 0)
			$group_sql = ' AND g.id='.$group_filter;

		if ($sortby_filter == 1)
			$sorting_sql = ' ORDER BY u.username'.($sortorder_filter == 1 ? ' ASC' : ' DESC');
		else if ($sortby_filter == 2)
			$sorting_sql = ' ORDER BY u.real_name'.($sortorder_filter == 1 ? ' ASC' : ' DESC');
		else if ($sortby_filter == 3)
			$sorting_sql = ' ORDER BY g.usertitle'.($sortorder_filter == 1 ? ' ASC' : ' DESC');
		else if ($sortby_filter == 4)
			$sorting_sql = ' ORDER BY g.name'.($sortorder_filter == 1 ? ' ASC' : ' DESC');
		else if ($sortby_filter == 5)
			$sorting_sql = ' ORDER BY u.register_date'.($sortorder_filter == 1 ? ' ASC' : ' DESC');
	}

	?>

<div id="userlist-filter">
	<form method="post" accept-charset="utf-8" action="<?php echo ADMIN_URL, URI_PREFIX, 'users', URI_SUFFIX ?>">

		<div>
			<input type="hidden" name="token" value="<?php echo SYS_TOKEN ?>" />
		</div>

		<ul id="userlist-search" class="frm-hc hc-box">
			<li class="frm-block">
				<div class="fld-label"><label for="fld-0">Username:</label></div>
				<div class="fld-input"><input class="text" type="text" name="form[username]" id="fld-0" maxlength="20" <?php echo utf8_strlen($user_filter) > 0 ? ' value="'.utf8_htmlencode(base64_url_decode($user_filter)).'"' : null ?>/></div>
			</li>

			<li class="frm-block">
				<div class="fld-label"><label for="fld-1">Usergroup:</label></div>
				<div class="fld-input">
					<select name="form[usergroup]" id="fld-1">
						<option value="0">All usergroups</option>

						<?php

						$result = $sys_db->query('SELECT g.id, g.name FROM '.DB_PREFIX.'usergroups AS g WHERE id != '.GUEST_GID) or error($sys_db->error(), __FILE__, __LINE__);
						while ($row = $sys_db->fetch_assoc($result))
							echo '<option value="', $row['id'], '" ', ($row['id'] == $group_filter ? ' selected="selected"' : null).'>', utf8_htmlencode($row['name']), '</option>', "\n";

						?>

					</select>
				</div>
			</li>

			<li class="frm-block">
				<div class="fld-label"><label for="fld-2">Sort by:</label></div>
				<div class="fld-input">
					<select name="form[sortby]" id="fld-2">
						<option value="1"<?php echo $sortby_filter === 1 ? ' selected="selected"' : null ?>>Username</option>
						<option value="2"<?php echo $sortby_filter === 2 ? ' selected="selected"' : null ?>>Real name</option>
						<option value="3"<?php echo $sortby_filter === 3 ? ' selected="selected"' : null ?>>Title</option>
						<option value="4"<?php echo $sortby_filter === 4 ? ' selected="selected"' : null ?>>Usergroup</option>
						<option value="5"<?php echo $sortby_filter === 5 ? ' selected="selected"' : null ?>>Register date</option>
					</select>
				</div>
			</li>

			<li class="frm-block">
				<div class="fld-label"><label for="fld-3">Sorting order:</label></div>
				<div class="fld-input">
					<select name="form[sortorder]" id="fld-3">
						<option value="1"<?php echo $sortorder_filter === 1 ? ' selected="selected"' : null ?>>Ascending</option>
						<option value="2"<?php echo $sortorder_filter === 2 ? ' selected="selected"' : null ?>>Descending</option>
					</select>
				</div>
			</li>

			<li class="frm-block frm-buttons">
				<div class="fld-input">
					<input type="submit" value="Search" name="frm-submit" id="frm-submit" />
					<input type="submit" value="Reset" name="frm-reset" id="frm-reset" />
				</div>
			</li>
		</ul>
	</form>
</div>

	<?php

	$sys_request[2] = isset($sys_request[2]) && $sys_request[2] > 0 ? $sys_request[2] : 1;
	$list_start = ($sys_request[2]-1) * 20;
	$list_limit = 20;

	$result = $sys_db->query('SELECT u.id, u.username, u.real_name, u.active, u.register_date, g.name AS usergroup, g.usertitle FROM '.DB_PREFIX.'users AS u INNER JOIN '.DB_PREFIX.'usergroups AS g ON u.gid=g.id WHERE u.id > 1'.$user_sql.$group_sql.$sorting_sql.' LIMIT '.$list_start.','.$list_limit.'') or error($sys_db->error(), __FILE__, __LINE__);

	if ($sys_db->num_rows($result) > 0)
	{
		// Count users
		$user_count = $sys_db->fetch_assoc($sys_db->query('SELECT COUNT(*) as user_count FROM '.DB_PREFIX.'users AS u INNER JOIN '.DB_PREFIX.'usergroups AS g ON u.gid=g.id WHERE u.id > 1'.$user_sql.$group_sql)) or error($sys_db->error(), __FILE__, __LINE__);
		$user_count = $user_count['user_count'];

		if (!isset($_GET['filter']))
			$userlist_url = ADMIN_URL.URI_PREFIX.'users/%d'.URI_SUFFIX;
		else
			$userlist_url = ADMIN_URL.URI_PREFIX.'users/%d'.URI_SUFFIX.'&amp;filter='.utf8_htmlencode($_GET['filter']);

		$pages = pagination($user_count, 20, $sys_request[2], $userlist_url);

		?>

<div class="info">There is a total of <?php echo $user_count ?> users. - Users with a red, bold username are inactive users.</div>

<?php echo $pages ?>

<table id="userlist">
	<thead>

		<tr>
			<th class="td-username" scope="col">Username</th>
			<th class="td-realname" scope="col">Real name</th>
			<th class="td-group" scope="col"><?php echo $sortby_filter === 3 ? 'Title' : 'Usergroup' ?></th>
			<th class="td-date" scope="col">Register date</th>
			<th class="td-actions" scope="col">Actions</th>
		</tr>
	</thead>

	<tbody>

		<?php

		while ($row = $sys_db->fetch_assoc($result))
		{
			?>

			<tr>
				<td class="td-username<?php echo ($row['active'] == 0 ? ' td-inactive' : NULL) ?>"><a href="<?php echo WEBSITE_URL, URI_PREFIX, 'profile/', $row['id'], URI_SUFFIX ?>" rel="blank"><?php echo utf8_htmlencode($row['username']) ?></a></td>
				<td class="td-realname"><?php echo $row['real_name'] ?></td>
				<td class="td-group"><?php echo $sortby_filter === 3 ? $row['usertitle'] : utf8_htmlencode($row['usergroup']) ?></td>
				<td class="td-date"><?php echo format_time($row['register_date']) ?></td>
				<td class="td-actions"><a href="<?php echo ADMIN_URL, URI_PREFIX, 'users/edit/', $row['id'], URI_SUFFIX ?>">Edit</a><?php if ($row['id'] != 2): ?> - <a class="confirm" href="<?php echo ADMIN_URL, URI_PREFIX, 'users/delete/', $row['id'], URI_SUFFIX, '&amp;token=', SYS_TOKEN ?>">Delete</a><?php endif; ?></td>
			</tr>

			<?php
		}

		?>

		</tbody>
	</table>

		<?php

		echo $pages;
	}
	else
		echo "\n", '<h3 class="center">No users found, </h3>', "\n";
}
?>
Return current item: Shinobu