<?php
// Bootstrap: session, site configuration, shared helpers, the login include
// (appears to be what supplies $cookieinfo used further down -- confirm), and
// the common page header.
session_start();
require_once 'includes/config.inc.php';
require_once 'includes/functions.inc.php';
require_once 'login.inc.php';
require_once 'includes/header.php';

// Explanation of the access levels, shown beside the level selector on user forms.
$levelsnote = '<em>n.b. 6+ can manage users; 3+ can manage projects; below 3 can only view reports </em>';

// Every user currently on file (loadUsers() reads users.inc.php; its record
// layout is user/name/ID/password/email/level, as written back below).
$users = loadUsers('users.inc.php');
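// --- Request guards -------------------------------------------------------
// Every state-changing form on this page carries a per-session token; SaveUser
// and DeleteUser only act on POST requests that present it, so a crafted link
// or a form hosted elsewhere cannot save or delete users on an editor's behalf.
if (empty($_SESSION['usermgr_token'])) {
    $_SESSION['usermgr_token'] = bin2hex(random_bytes(16));
}
$csrfToken = $_SESSION['usermgr_token'];
$csrfField = "<input type='hidden' name='token' value='{$csrfToken}' />";
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
$tokenOk = $isPost
    && isset($_POST['token']) && is_string($_POST['token'])
    && hash_equals($csrfToken, $_POST['token']);

// Level of the editor using this page ($cookieinfo appears to come from
// login.inc.php -- confirm). Editors below level 9 may not manage users above
// level 8: the list view greys those buttons out, and the handlers below now
// enforce the same rule server-side instead of trusting the disabled attribute.
$callerLevel = isset($cookieinfo['level']) ? (int)$cookieinfo['level'] : 0;
$outranksCaller = function ($level) use ($callerLevel) {
    return (int)$level > 8 && $callerLevel < 9;
};

// Escape a stored or submitted value for HTML text / attribute context.
$esc = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Look a user record up by ID. IDs are compared as strings: they arrive from a
// tab-separated file on one side and from the request on the other.
$findUser = function ($id) use ($users) {
    foreach ((array)$users as $candidate) {
        if ((string)$candidate['ID'] === (string)$id) {
            return $candidate;
        }
    }
    return null;
};

// One record of users.inc.php: tab-separated columns plus a trailing blank one.
// NOTE(review): passwords are stored in clear text; moving to password_hash()
// also needs the matching change in login.inc.php, which is not visible here.
$record = function (array $u) {
    return $u['user'] . "\t" . $u['name'] . "\t" . $u['ID'] . "\t" . $u['password']
        . "\t" . $u['email'] . "\t" . $u['level'] . "\t\n";
};
$fileHeader = "<?php /*\nuser\tname\tID\tpassword\temail\tlevel\tblank\n";
$fileFooter = "*/ ?>";

// users.inc.php is PHP source whose records sit inside a block comment: a value
// containing "*/" would close that comment and the rest would run as PHP, and a
// tab or line break would corrupt the record layout. Such values are refused.
$fieldIsSafe = function ($value) {
    return preg_match('/\*\/|[\t\r\n]/', (string)$value) === 0;
};

// NOTE(review): includes/header.php has already been included above; if it
// emits output, the Location headers below only take effect with output
// buffering enabled -- confirm.

$action = isset($_REQUEST['action']) ? (string)$_REQUEST['action'] : '';
switch ($action) {
case 'EditUser':
    $_SESSION['statusmsg'] = null;
    $userform = '';
    // Server-generated validation markup left behind by a failed SaveUser.
    $pendingErrors = isset($_SESSION['errormsg']) ? (string)$_SESSION['errormsg'] : '';
    $requestedId = isset($_REQUEST['id']) ? (string)$_REQUEST['id'] : '';
    if ($requestedId === 'new') {
        // Next free ID is one above the highest in use (1 for an empty file).
        $ids = array();
        foreach ((array)$users as $user) {
            $ids[] = (int)$user['ID'];
        }
        $newid = ($ids === array()) ? 1 : max($ids) + 1;
        $userform .= "<form action='usermgr.php' method='post' class='clearbox'><h2>New user details</h2>\n";
        $userform .= $pendingErrors;
        $userform .= "<div class='userinfo'>\n<p><label>Real name:<br /><input type='text' size='50' name=\"user[name]\" value=\"\" /></label></p>\n";
        $userform .= "<p><label>Username:<br /><input type=\"text\" size=\"50\" name=\"user[user]\" value=\"\" /></label></p>\n";
        $userform .= "<p><label>Password:<br /><input type='password' size='50' name=\"user[password_current]\" value=\"\" /></label></p>\n";
        $userform .= "<p><label>Password (confirm):<br /><input type='password' size='50' name=\"user[password_new]\" value=\"\" /></label></p>\n";
        $userform .= "<p><label>Email:<br /><input type='text' size='50' name=\"user[email]\" value=\"\" /></label></p>\n";
        $userform .= "<p><label>Level: {$levelsnote}<br />" . makeUserLevelMenu("user[level]", "", $cookieinfo['level']) . "</label></p>\n</div>";
        $userform .= "<input type='submit' value='Create new user' /><input type='hidden' name='action' value='SaveUser' /><input type='hidden' name=\"user[ID]\" value=\"{$newid}\" /><input type='hidden' name='newuser' value='TRUE' />{$csrfField}</form>";
    } else {
        $user = $findUser($requestedId);
        if ($user === null || $outranksCaller($user['level'])) {
            $userform .= "<p class='error'>That user does not exist or you do not have sufficient privileges to edit them.</p>";
        } else {
            $userform .= "<form action='usermgr.php' method='post' class='clearbox'><h2>Edit user details</h2>\n";
            $userform .= $pendingErrors;
            // Stored values are escaped before going into attributes, and the
            // stored password is never sent back to the browser: leaving both
            // password boxes blank keeps it unchanged (see SaveUser).
            $userform .= "<div class='userinfo'>\n<p><label>Real name:<br /><input type='text' size='50' name=\"user[name]\" value=\"" . $esc($user['name']) . "\" /></label></p>\n";
            $userform .= "<p><label>Username:<br /><input type='text' size='50' name=\"user[user]\" value=\"" . $esc($user['user']) . "\" /></label></p>\n";
            $userform .= "<p><label>New password (leave blank to keep the current one):<br /><input type='password' size='50' name=\"user[password_current]\" value=\"\" /></label></p>\n";
            $userform .= "<p><label>New password (confirm):<br /><input type='password' size='50' name=\"user[password_new]\" value=\"\" /></label></p>\n";
            $userform .= "<p><label>Email:<br /><input type='text' size='50' name=\"user[email]\" value=\"" . $esc($user['email']) . "\" /></label></p>\n";
            $userform .= "<p><label>Level: {$levelsnote}<br />" . makeUserLevelMenu("user[level]", $user['level'], $cookieinfo['level']) . "</label></p>\n</div>";
            $userform .= "<input type='submit' value='Save changes' /><input type='hidden' name='action' value='SaveUser' /><input type='hidden' name=\"user[ID]\" value=\"" . $esc($user['ID']) . "\" />{$csrfField}</form>";
        }
    }
    $_SESSION['errormsg'] = null;
    echo $userform;
    break;

case 'SaveUser':
    if (!$tokenOk) {
        $_SESSION['statusmsg'] = "Sorry, the request could not be verified. Please try again.";
        header("Location: usermgr.php");
        break;
    }
    // Submitted fields, normalised the same way the old code did on write
    // (lower-cased, trimmed username; trimmed name and email).
    $input = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();
    $isNew = isset($_POST['newuser']) && $_POST['newuser'] === 'TRUE';
    $targetId = isset($input['ID']) ? (string)$input['ID'] : '';
    $username = strtolower(trim(isset($input['user']) ? (string)$input['user'] : ''));
    $realname = trim(isset($input['name']) ? (string)$input['name'] : '');
    $email = trim(isset($input['email']) ? (string)$input['email'] : '');
    $level = isset($input['level']) ? (string)$input['level'] : '';
    $passwordA = isset($input['password_current']) ? (string)$input['password_current'] : '';
    $passwordB = isset($input['password_new']) ? (string)$input['password_new'] : '';
    $existing = $isNew ? null : $findUser($targetId);
    $errormsg = '';

    if (!$isNew && $existing === null) {
        $errormsg .= "<p class='error'>The user you tried to edit no longer exists.</p>";
    }
    if ($isNew && $findUser($targetId) !== null) {
        $errormsg .= "<p class='error'>That user ID is already in use. Please start the new user form again.</p>";
    }
    // The level rule the list view shows is enforced here, for both the level
    // being granted and the level of the user being changed.
    if ($outranksCaller($level) || ($existing !== null && $outranksCaller($existing['level']))) {
        $errormsg .= "<p class='error'>You do not have sufficient privileges to manage a user at that level.</p>";
    }
    // Password: required for a new user; on an edit, both boxes blank means
    // "keep the stored password". A new one must be typed twice, identically,
    // and be at least 4 characters long.
    $password = ($existing !== null) ? (string)$existing['password'] : '';
    if ($isNew || $passwordA !== '' || $passwordB !== '') {
        if ($passwordA !== $passwordB) {
            $errormsg .= "<p class='error'>Passwords do not match. Please enter the same new password in both boxes.</p>";
        }
        if (strlen($passwordB) < 4) {
            $errormsg .= "<p class='error'>New password was too short. Must be 4 characters or more.</p>";
        }
        $password = $passwordB;
    }
    if (strlen($username) < 4) {
        $errormsg .= "<p class='error'>Username too short. Must be 4 characters or more.</p>";
    }
    if (strlen($level) < 1) {
        $errormsg .= "<p class='error'>Please select a level of access privileges for this user.</p>";
    }
    // Usernames are the login key, so they must be unique across records.
    foreach ((array)$users as $other) {
        if ((string)$other['user'] === $username && (string)$other['ID'] !== $targetId) {
            $errormsg .= "<p class='error'>That username is already taken.</p>";
            break;
        }
    }
    foreach (array($username, $realname, $targetId, $password, $email, $level) as $value) {
        if (!$fieldIsSafe($value)) {
            $errormsg .= "<p class='error'>Fields may not contain tabs, line breaks or the sequence */.</p>";
            break;
        }
    }

    if ($errormsg !== '') {
        $_SESSION['errormsg'] = $errormsg;
        header("Location: usermgr.php?action=EditUser&id=" . ($isNew ? 'new' : rawurlencode($targetId)));
        break;
    }
    $savedUser = array(
        'user' => $username,
        'name' => $realname,
        'ID' => $targetId,
        'password' => $password,
        'email' => $email,
        'level' => $level,
    );
    // Rewrite the whole file: the edited record in place, a new one appended.
    $outputusers = $fileHeader;
    foreach ((array)$users as $other) {
        $outputusers .= ((string)$other['ID'] === $targetId) ? $record($savedUser) : $record($other);
    }
    if ($isNew) {
        $outputusers .= $record($savedUser);
    }
    $outputusers .= $fileFooter;
    if (saveFile('users.inc.php', $outputusers)) {
        $_SESSION['statusmsg'] = "The user details were saved.";
    } else {
        $_SESSION['statusmsg'] = "Sorry, the user details could not be saved.";
    }
    header("Location: usermgr.php");
    break;

case 'DeleteUser':
    if (!$tokenOk) {
        $_SESSION['statusmsg'] = "Sorry, the request could not be verified. Please try again.";
        header("Location: usermgr.php");
        break;
    }
    $targetId = isset($_REQUEST['id']) ? (string)$_REQUEST['id'] : '';
    $target = $findUser($targetId);
    if ($target === null || $outranksCaller($target['level'])) {
        $_SESSION['statusmsg'] = "Sorry, the user details could not be deleted.";
        header("Location: usermgr.php");
        break;
    }
    // Rewrite the file without the chosen record.
    $outputusers = $fileHeader;
    foreach ((array)$users as $other) {
        if ((string)$other['ID'] !== $targetId) {
            $outputusers .= $record($other);
        }
    }
    $outputusers .= $fileFooter;
    if (saveFile('users.inc.php', $outputusers)) {
        $_SESSION['statusmsg'] = "The user details were deleted.";
    } else {
        $_SESSION['statusmsg'] = "Sorry, the user details could not be deleted.";
    }
    header("Location: usermgr.php");
    break;

default: // show user list
    $_SESSION['statusmsg'] = null;
    $usertable = "<table id='users'>\n<thead><th>Username:</th><th>Email:</th><th>Access Level:</th><th>Options:</th></thead>\n<tbody>\n";
    foreach ((array)$users as $user) {
        // Buttons are disabled for users this editor may not manage; that is a
        // UI hint only, the handlers above re-check the rule on every request.
        $disabled = $outranksCaller($user['level']) ? " disabled='disabled'" : '';
        $id = $esc(rawurlencode((string)$user['ID']));
        $username = $esc($user['user']);
        $realname = $esc($user['name']);
        $email = $esc($user['email']);
        $level = $esc($user['level']);
        $usertable .= "<tr class='user'><td>{$username} ({$realname})</td><td>{$email}</td><td>{$level}</td><td>
<form action=\"usermgr.php?action=EditUser&amp;id={$id}\" method='post'><input type='submit'{$disabled} value='Edit details' /></form>
<form action=\"usermgr.php?action=DeleteUser&amp;id={$id}\" method='post'>{$csrfField}<input type='submit'{$disabled} onclick=\"return confirmSubmit('Are you sure you want to permanently delete this user?');\" value='Delete user' /></form>
</td></tr>\n";
    }
    $usertable .= "</tbody>\n</table>\n";
    $html = "
<div class='clearbox'>
<h2>Current users</h2>
<br />
{$usertable}
<br />
<h2 id='surveylink'>New user</h2>
<form action=\"usermgr.php?action=EditUser&amp;id=new\" method='post'><br /><input type='submit' value='Create new user' /></form>
</div>
";
    echo $html;
    break;
}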
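// NOTE(review): a commented-out print_r($users) used to sit here inside an
// HTML comment; re-enabling it would have written every stored username and
// password into the page source, so it is removed rather than left to be
// switched back on by mistake. The closing ?> is omitted on purpose (PHP-only
// file; trailing whitespace after it would be sent as output).
include('includes/footer.php');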