<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2007                          #||
||#     Created: 21st April 2007                         #||
||#     Filename: edit-user.php                          #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: edit-user.php,v 1.1.2.5.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
 */

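require_once( "global.php" );

// Coarse gate first: whoever reaches this page must hold at least one of the
// two user-management rights. The exact right (add vs. modify) is decided
// further down, once the requested record has been looked up. The previous
// test keyed on $_GET["id"] while the record is loaded from $_REQUEST["id"],
// so an id sent in the POST body was checked as "adduser" but then updated an
// existing account, and a non-existent id let "modifyuser" create one.
$auth->login_if( !$auth->has_perm( "adduser" ) && !$auth->has_perm( "modifyuser" ) );

$myform = "edit-user";
if ( !isset($_SESSION["return_page"]) )
{
	$_SESSION["return_page"] = MAIN_SERVER . "/admin/user.php";
}

$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/edit-user.ihtml") );

// Toolbar for the admin frame; page-menu.php reads $params.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"class_open" => "open",
	"links" => toolbarmenu()
	);
$toolbar = include( INCDIR . "/page-menu.php" );

$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

// The id may arrive via the ?id= link or the hidden form field, hence
// $_REQUEST. It is escaped once here and only ever interpolated inside quotes.
$id = isset($_REQUEST["id"]) ? $DB->escape( $_REQUEST["id"] ) : NULL;

$cond = array();
$cond[] = "userid='$id'";
$cond = join( " AND ", $cond );

$formdata =& $tmpl->AddParam( "formdata", array() );
$options =& $tmpl->AddParam( "options", array() );

$DB->query( "SELECT * FROM " . TBL_USERS . " WHERE $cond" );
$is_new = !$DB->next_record();

// Precise permission check now that we know which operation this really is.
$auth->login_if( $is_new ? !$auth->has_perm( "adduser" ) : !$auth->has_perm( "modifyuser" ) );

// Pre-fill the form from the existing record (all empty for a new user).
$formdata["username"] = htmlspecialchars( $DB->field("username") );
$formdata["email"] = htmlspecialchars( $DB->field("email") );
$formdata["postname"] = htmlspecialchars( $DB->field("postname") );
$formdata["usergroupid"] = htmlspecialchars( $DB->field( "usergroupid" ) );
// New accounts always get a password; existing ones only when the operator
// ticks the box.
$formdata["set_password"] = $is_new;

// Selectable user groups, keyed by id.
$cond = "";
$fields = array(
	"usergroupid",
	"title"
	);
$ids = $DB->ListBy( TBL_UGROUPS, $cond, $fields, "title ASC" );
foreach ( $ids as $i )
{
	$options["usergroupid"][$i["usergroupid"]] = htmlspecialchars( $i["title"] );
}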

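if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
{
	// NOTE(review): the "form" field only identifies which form was submitted;
	// it is not a CSRF token. A logged-in admin can be made to create, modify
	// or delete users from a third-party page. Add a per-session token to the
	// hidden fields and verify it here once the framework provides one.

	$err_msg = array();

	// A password is only (re)set when explicitly requested; new accounts
	// always need one. Previously the UPDATE branch wrote any non-empty
	// password regardless of the checkbox, skipping the confirmation check.
	$set_password = $is_new || isset($_POST["set_password"]);

	switch ( Submit() )
	{

	case "Create" :
	case "Ok" :

		$username = sanitize_post( "username" );
		$password = sanitize_post( "password" );
		$postname = sanitize_post( "postname" );
		$email = sanitize_post( "email" );
		$usergroupid = sanitize_post( "usergroupid" );

		if ( "" == $username )
		{
			$err_msg["username"] = "You must enter a username";
		}
		else if ( strlen($username) <= 3 )
		{
			$err_msg["username"] = "Username must be 4 or more characters";
		}

		// Uniqueness check. Use the driver's escaper rather than addslashes()
		// so quoting matches every other query in this file.
		$cond = array();
		$cond[] = "\"username\"='" . $DB->escape( $username ) . "'";
		if ( !$is_new )
		{
			$cond[] = "\"userid\"!='$id'";
		}
		$cond = join( " AND ", $cond );

		if ( $DB->CountBy( TBL_USERS, $cond, NULL, NULL, "userid" ) )
		{
			$err_msg["username"] = "Username already in use";
		}

		if ( "" == $email )
		{
			$err_msg["email"] = "You must enter an email";
		}
		// The domain-part dot is now escaped; an unescaped "." matched any
		// character, so addresses without a dot in the host were accepted.
		else if ( !preg_match( "/^([a-zA-Z0-9])+([.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+[a-zA-Z0-9_-]$/", $email) )
		{
			$err_msg["email"] = "Invalid email format";
		}

		// The group must be one of the options loaded from the database;
		// the value is interpolated unquoted into SQL below.
		if ( !isset($options["usergroupid"][$usergroupid]) )
		{
			$err_msg["usergroupid"] = "Invalid user group";
		}

		if ( $set_password )
		{
			$raw_password = isset($_POST["password"]) ? $_POST["password"] : "";
			$raw_check = isset($_POST["check_password"]) ? $_POST["check_password"] : "";
			if ( $raw_password !== $raw_check )
			{
				$err_msg["password"] = "Both passwords must match.";
			}
			// Parenthesised explicitly: the original precedence applied the
			// upper bound even when no password change was requested.
			else if ( strlen($password) < 4 || strlen($password) > 32 )
			{
				$err_msg["password"] = "Password must be 4 to 32 characters long";
			}
		}

		if ( count($err_msg) > 0 )
		{
			// Re-populate the form from the submission, but never park
			// plaintext passwords in the session.
			$_SESSION["formdata"] = $_POST;
			unset( $_SESSION["formdata"]["password"], $_SESSION["formdata"]["check_password"] );
			// Keyed by form name: that is where the redisplay code reads it
			// ($_SESSION["err_msg"][$myform]); the bare key was never shown.
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		// Keep an HTML-safe copy of the name for the status message before
		// it is SQL-escaped.
		$shown_name = htmlspecialchars( $username );

		// usergroupid goes into the query unquoted, so escaping is not
		// enough -- it has to be a real integer (validated against the
		// option list above).
		$usergroupid = (int) $usergroupid;
		$username = $DB->escape( $username );
		$postname = $DB->escape( $postname );
		$email = $DB->escape( $email );

		$query = array();
		if ( $is_new )
		{
			// NOTE(review): md5 with a single site-wide salt is a weak
			// password hash. Moving to password_hash()/password_verify()
			// requires the login check in the auth layer to change in step,
			// so it is only flagged here rather than changed.
			$password = md5( $password . $config['salt'] );
			$new_id = $DB->NewID( SEQ_PREFIX . "seq_users" );

			$query[] = "INSERT INTO " . TBL_USERS;
			$query[] = " (userid, usergroupid, username, password, postname, email)";
			$query[] = " VALUES( $new_id, $usergroupid, '$username', '$password', '$postname', '$email' )";
		}
		else
		{
			// Leading space before SET matters: "TBL_USERS . "SET"" glued the
			// keyword onto the table name, so every update failed.
			$query[] = "UPDATE " . TBL_USERS . " SET";
			$query[] = " usergroupid=$usergroupid,";
			$query[] = " username='$username',";
			if ( $set_password )
			{
				$password = md5( $password . $config['salt'] );
				$query[] = " password='$password',";
			}
			$query[] = " postname='$postname',";
			$query[] = " email='$email'";
			$query[] = " WHERE userid='$id'";
		}

		if ( !$DB->query( join( " ", $query ) ) )
		{
			Message( "Couldn't commit data" );
			$_SESSION["formdata"] = $_POST;
			unset( $_SESSION["formdata"]["password"], $_SESSION["formdata"]["check_password"] );
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		switch ( Submit() )
		{
		case "Create":
			Message( "Created new user" );
			break;
		case "Ok":
			Message( "Updated user \"$shown_name\"" );
			break;
		default:
			Message( "Unknown action" );
			break;
		}

		redirect( $_SESSION["return_page"] );
		exit;
	case "Delete" :
		$auth->login_if( !$auth->has_perm( "deleteuser" ) );
		// The form hides the Delete button for the logged-in account; enforce
		// the same rule here so a hand-crafted POST cannot bypass it.
		if ( $id == $userinfo["userid"] )
		{
			Message( "You cannot delete your own account" );
			redirect( $_SESSION["return_page"] );
			exit;
		}
		$DB->query( "DELETE FROM " . TBL_USERS . " WHERE userid='$id'");
		Message( "Deleted user " . htmlspecialchars( isset($_POST["username"]) ? $_POST["username"] : "" ) );
		redirect( $_SESSION["return_page"] );
		exit;
	case "Cancel" :
		if ( $is_new )
		{
			// Was "Cancelled creating news article" -- copy/paste leftover.
			Message( "Cancelled creating user" );
		}
		else
		{
			Message( "Cancelled updating \"" . htmlspecialchars( isset($_POST["username"]) ? $_POST["username"] : "" ) . "\"" );
		}
		redirect( $_SESSION["return_page"] );
		exit;
	}

}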

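// The caption follows the same new/existing decision as the buttons below.
// It used to ask $DB->affectedrows(), but the group listing has run since the
// user lookup, so that value no longer reliably describes the user query.
$tmpl->AddParam( "caption", $is_new ? "Create User" : "Edit User" );

$formdata["hidden"] = array(
	"form" => $myform,
	"id" => $id
	);

// Button set: no Delete for a brand-new record or for the logged-in account.
if ( $is_new )
{
	$tmpl->AddParam( "buttons", "Cancel,Create" );
}
else if ( $id == $userinfo["userid"] )
{
	$tmpl->AddParam( "buttons", "Cancel,Ok" );
}
else
{
	$tmpl->AddParam( "buttons", "Cancel,Delete,Ok" );
}

// After a failed submit the handler stashes the posted values and the error
// list in the session; redisplay them once and clear them.
if ( isset($_SESSION["formdata"]) )
{
	if ( isset($_SESSION["err_msg"][$myform]) )
	{
		$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
	}

	$formdata["username"] = sanitize_post_html( "username", NULL , $_SESSION["formdata"] );
	$formdata["postname"] = sanitize_post_html( "postname", NULL , $_SESSION["formdata"] );
	$formdata["email"] = sanitize_post_html( "email", NULL , $_SESSION["formdata"] );
	$formdata["usergroupid"] = sanitize_post_html( "usergroupid", NULL , $_SESSION["formdata"] );

	unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );

// Page-local menu; page-menu.php reads $params.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => "\t<li>|</li>\n\t",
	"links" => buildmenu( $theme_info["pagemenu_build"] )
	);
$params = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );

$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();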

?>