<?php

# -----------------------------------------------------------------------------
#
# Contains the user's profile information
#
# -----------------------------------------------------------------------------
#
# Copyright (C) 2003 Christian Eheim and Alex Pachikov
#
# This file is part of TVEz (tvez.sourceforge.net).
#
# TVEz is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# TVEz is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with TVEz; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# -----------------------------------------------------------------------------
#
# Created on 12/12/2003 by Christian Eheim (hide@address.com)
#
# LAST MODIFIED:
# $Date: 2004/02/09 04:52:01 $
# $Revision: 1.3 $
# $Author: eheim $
#
# -----------------------------------------------------------------------------


if ( isset($_SESSION['tvezUser']) ) {

require "user/user_form.php";
require "user/access_levels.inc";

echo '
<script>
	function clear_passwd(form) {
		form.passwd1.value = \'\';
		form.passwd2.value = \'\';
		form.passwd1.focus();
	}
	function check_user_form(form) {
		// Make sure there is a user name
		if (form.username.value.length < 1) {
			alert("'.localize_string("You must specify a username").'!");
			form.username.focus();
			return false;
		}
		// If the password is already set to the md5, we keep the old password
		// unless a new password is specified
		if ( (form.passwd1.value.length > 0)	) {
			// Make sure the password is not too short
			if (form.passwd1.value.length < 6) {
				alert("'.localize_string("The password must be at least ==1== characters long",6).'!");
				clear_passwd(form);
				return false;
			}
			// Make sure the passwords match
			if (form.passwd1.value != form.passwd2.value) {
				alert("'.localize_string("The passwords don't match!").'");
				clear_passwd(form);
				return false;
			}
			// Everything is OK, so md5 the old password
			form.oldpasswd.value = hex_md5(form.oldpasswd.value);		
			// md5 the new password
			form.passwd1.value = hex_md5(form.passwd1.value);		
			form.passwd2.value = form.passwd1.value;
		}
		else {
			form.oldpasswd.value = hex_md5(form.oldpasswd.value);		
			form.passwd1.value = form.oldpasswd.value;		
			form.passwd2.value = form.passwd1.value;
		}
		return true;
	}
	</script>
';

if (isset($_REQUEST['action']) && $_REQUEST['action'] == "edit") {

	list($num,$ouser) = get_user_by_name($_SESSION['tvezUser']);
	$olduser = $ouser[0];

	# Make sure the user is not trying to change the access level
	if ( $olduser['access'] != $_REQUEST['access'] ) {
		echo '<div class="usermsg">'.localize_string("You are not allowed to change your access level").'!</div>';
	}
	elseif ( $olduser['password'] != $_REQUEST['oldpasswd'] ) {
		echo '<div class="usermsg">'.localize_string("The password is not correct").'!</div>';
	}
	else {
		$user['id'] = $_REQUEST['id'];
		$user['username'] = $_REQUEST['username'];
		$user['firstname'] = $_REQUEST['firstname'];
		$user['lastname'] = $_REQUEST['lastname'];
		$user['email'] = $_REQUEST['email'];
		$user['password'] = $_REQUEST['passwd1'];
		$user['access'] = $_REQUEST['access'];

		list($success,$nada) = create_user_account($user);
		if ($success) {
			echo '<div class="usermsg">'.localize_string("Your profile has been updated").'</div>';
		}
		else echo "$nada<br>";
	}
}

	list($num,$user) = get_user_by_name($_SESSION['tvezUser']);
	user_form($user[0]);
}

?>