<?php

// The session carries the status/error messages exchanged between the actions below.
session_start();

// Shared configuration and helpers, then the login include and the page header.
// NOTE(review): $cookieinfo is used further down but not defined in this file; presumably
// login.inc.php sets it after authenticating the visitor. Confirm.
require_once 'includes/config.inc.php';
require_once 'includes/functions.inc.php';
require_once 'login.inc.php';

require_once 'includes/header.php';

// Explanatory note on access levels, shown next to the level menu in the user forms.
$levelsnote = '<em>n.b. 6+ can manage users; 3+ can manage projects; below 3 can only view reports </em>';

// Load the current user records from users.inc.php.
$users = loadUsers('users.inc.php');

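/*
 * User manager: list, create, edit and delete the accounts stored in users.inc.php.
 *
 * users.inc.php is a PHP file whose records sit inside a comment wrapper, one tab-separated
 * line per user. Every value written there is therefore filtered by usermgr_clean_field(),
 * and every value written into HTML is escaped by usermgr_html().
 *
 * NOTE(review): passwords are stored and compared in plain text. Moving to password_hash()
 *   also needs a change in the login code, which is outside this file.
 * NOTE(review): the forms carry no CSRF token. Adding one needs a per-session secret checked
 *   in SaveUser and DeleteUser.
 * NOTE(review): nothing here checks that the visitor may manage users at all ("6+" in the
 *   levels note). Presumably login.inc.php enforces that; confirm.
 */

/**
 * Escape a value for output as HTML text or inside a quoted HTML attribute.
 */
function usermgr_html($value)
{
	return htmlspecialchars((string)$value, ENT_QUOTES);
}

/**
 * Return the requested user ID from the request as a string ('' when absent or not scalar).
 */
function usermgr_request_id()
{
	return (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (string)$_REQUEST['id'] : '';
}

/**
 * True when the value consists of digits only.
 * New IDs are generated as "highest ID + 1", so stored IDs are assumed to be numeric.
 */
function usermgr_is_id($value)
{
	return preg_match('/^[0-9]+$/', (string)$value) === 1;
}

/**
 * Read one field of the posted user[...] array as a trimmed string.
 * A missing or non-scalar value (for example a nested array) becomes ''.
 */
function usermgr_post_field($posted, $key)
{
	return (isset($posted[$key]) && is_scalar($posted[$key])) ? trim((string)$posted[$key]) : '';
}

/**
 * Make a value safe to store as one field of users.inc.php.
 *
 * Control characters (tab, newline, ...) would split or forge records. The comment terminator
 * and the PHP open/close tags are removed because the records live inside a comment in a .php
 * file; a value that closes the comment would be parsed as code the next time it is loaded.
 */
function usermgr_clean_field($value)
{
	$value = preg_replace('/[\x00-\x1F\x7F]/', '', (string)$value);
	// Repeat until stable so that removing one marker cannot assemble another.
	do {
		$before = $value;
		$value = str_replace(array('<?', '?>', '*/'), '', $value);
	} while ($value !== $before);
	return $value;
}

/**
 * Serialise one user record as a tab-separated line (trailing empty "blank" column included).
 */
function usermgr_record($user)
{
	$fields = array();
	foreach (array('user', 'name', 'ID', 'password', 'email', 'level') as $key) {
		$fields[] = usermgr_clean_field(isset($user[$key]) ? $user[$key] : '');
	}
	return implode("\t", $fields) . "\t\n";
}

/**
 * Build the complete contents of users.inc.php for the given list of user records.
 */
function usermgr_file_contents($records)
{
	$out = "<?php /*\nuser\tname\tID\tpassword\temail\tlevel\tblank\n";
	foreach ((array)$records as $record) {
		$out .= usermgr_record($record);
	}
	return $out . "*/ ?>";
}

/**
 * Next free user ID: one more than the highest stored ID, or 1 for an empty list.
 */
function usermgr_next_id($users)
{
	$highest = 0;
	foreach ((array)$users as $user) {
		if (isset($user['ID']) && (int)$user['ID'] > $highest) {
			$highest = (int)$user['ID'];
		}
	}
	return $highest + 1;
}

/**
 * Access rule used by the user list: an account (or requested level) above 8 may only be
 * managed by an actor whose own level is 9 or more.
 */
function usermgr_may_manage($targetlevel, $actorlevel)
{
	return !($targetlevel > 8 && $actorlevel < 9);
}

// A missing level is treated as 0, so the rule above fails closed.
$actorlevel = isset($cookieinfo['level']) ? $cookieinfo['level'] : 0;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

switch ($action) {

  case "EditUser" :

	$_SESSION['statusmsg'] = null;

	// Messages left by a failed SaveUser. They are built from fixed strings in this file,
	// so they are emitted as HTML rather than escaped.
	$pendingerrors = isset($_SESSION['errormsg']) ? $_SESSION['errormsg'] : '';
	$requestedid = usermgr_request_id();
	$userform = '';

	if ($requestedid === "new") {

		// The new ID is assigned in SaveUser, so no ID is sent to the client.
		$userform .= "<form action='usermgr.php' method='post' class='clearbox'><h2>New user details</h2>\n";
		$userform .= $pendingerrors;
		$userform .= "<div class='userinfo'>\n<p><label>Real name:<br /><input type='text' size='50' name=\"user[name]\"  value=\"\" /></label></p>\n";
		$userform .= "<p><label>Username:<br /><input type=\"text\" size=\"50\" name=\"user[user]\" value=\"\" /></label></p>\n";
		$userform .= "<p><label>Password:<br /><input type='password' size='50' name=\"user[password_current]\" value=\"\" /></label></p>\n";
		$userform .= "<p><label>Password (confirm):<br /><input type='password' size='50' name=\"user[password_new]\" value=\"\" /></label></p>\n";
		$userform .= "<p><label>Email:<br /><input type='text' size='50' name=\"user[email]\" value=\"\" /></label></p>\n";
		$userform .= "<p><label>Level: {$levelsnote}<br />".makeUserLevelMenu("user[level]","",$cookieinfo['level'])."</label></p>\n</div>";
		$userform .= "<input type='submit' value='Create new user' /><input type='hidden' name='action' value='SaveUser' /><input type='hidden' name='newuser' value='TRUE' /></form>";

	} else {

		// Find the record to edit.
		$target = null;
		if (usermgr_is_id($requestedid)) {
			foreach ((array)$users as $user) {
				if ($user['ID'] == $requestedid) {
					$target = $user;
					break;
				}
			}
		}

		if ($target === null) {
			$userform .= "<div class='clearbox'><h2>Edit user details</h2>\n{$pendingerrors}<p class='error'>No user with that ID was found.</p></div>";
		} elseif (!usermgr_may_manage($target['level'], $actorlevel)) {
			// Same rule that disables the button in the list, enforced on the server.
			$userform .= "<div class='clearbox'><h2>Edit user details</h2>\n{$pendingerrors}<p class='error'>You do not have permission to edit this user.</p></div>";
		} else {
			$userform .= "<form action='usermgr.php' method='post' class='clearbox'><h2>Edit user details</h2>\n";
			$userform .= $pendingerrors;
			$userform .= "<div class='userinfo'>\n<p><label>Real name:<br /><input type='text' size='50' name=\"user[name]\"  value=\"" . usermgr_html($target['name']) . "\" /></label></p>\n";
			$userform .= "<p><label>Username:<br /><input type='text' size='50' name=\"user[user]\" value=\"" . usermgr_html($target['user']) . "\" /></label></p>\n";
			// The stored password is never sent back to the browser; blank fields keep it.
			$userform .= "<p><label>New password (leave blank to keep the current one):<br /><input type='password' size='50' name=\"user[password_current]\" value=\"\" /></label></p>\n";
			$userform .= "<p><label>New password (confirm):<br /><input type='password' size='50' name=\"user[password_new]\" value=\"\" /></label></p>\n";
			$userform .= "<p><label>Email:<br /><input type='text' size='50' name=\"user[email]\" value=\"" . usermgr_html($target['email']) . "\" /></label></p>\n";
			$userform .= "<p><label>Level: {$levelsnote}<br />".makeUserLevelMenu("user[level]",$target['level'],$cookieinfo['level'])."</label></p>\n</div>";
			$userform .= "<input type='submit' value='Save changes' /><input type='hidden' name='action' value='SaveUser' /><input type='hidden' name=\"user[ID]\" value=\"" . usermgr_html($target['ID']) . "\" /></form>";
		}
	}

	$_SESSION['errormsg'] = null;

	echo ($userform);

	break;

  case "SaveUser" :

	// No debug dump of $_POST here: it would print the submitted passwords into the page.

	$errormsg = '';
	$posted = (isset($_POST['user']) && is_array($_POST['user'])) ? $_POST['user'] : array();
	$isnew = (isset($_POST['newuser']) && $_POST['newuser'] == "TRUE");

	// Field "password_current" carries the password to store, "password_new" its confirmation.
	$submitted = array(
		'user'     => strtolower(usermgr_post_field($posted, 'user')),
		'name'     => usermgr_post_field($posted, 'name'),
		'ID'       => usermgr_post_field($posted, 'ID'),
		'password' => usermgr_post_field($posted, 'password_current'),
		'email'    => usermgr_post_field($posted, 'email'),
		'level'    => usermgr_post_field($posted, 'level'),
	);
	$confirmation = usermgr_post_field($posted, 'password_new');

	// Resolve the record being written. A new user gets a server-side ID, so a posted ID
	// can never overwrite or duplicate an existing record.
	$existing = null;
	if ($isnew) {
		$submitted['ID'] = (string)usermgr_next_id($users);
	} else {
		if (usermgr_is_id($submitted['ID'])) {
			foreach ((array)$users as $user) {
				if ($user['ID'] == $submitted['ID']) {
					$existing = $user;
					break;
				}
			}
		}
		if ($existing === null) {
			$errormsg .= "<p class='error'>No user with that ID was found.</p>";
		}
	}

	// Reject values that cannot be stored as-is instead of silently altering them.
	foreach (array('user', 'name', 'password', 'email') as $key) {
		if (usermgr_clean_field($submitted[$key]) !== $submitted[$key]) {
			$errormsg .= "<p class='error'>One of the fields contains characters that cannot be stored. Please remove control characters and code markers.</p>";
			break;
		}
	}

	// A new user always needs a password; an existing user keeps the stored one when both
	// password boxes are left blank.
	if ($isnew || $submitted['password'] !== '' || $confirmation !== '') {
		// Strict comparison: loose comparison treats differing numeric strings as equal.
		if ($confirmation !== $submitted['password']) {
			$errormsg .= "<p class='error'>Passwords do not match. Please enter the same new password in both boxes.</p>";
		}
		if (strlen($confirmation) < 4) {
			$errormsg .= "<p class='error'>New password was too short. Must be 4 characters or more.</p>";
		}
	} elseif ($existing !== null) {
		$submitted['password'] = $existing['password'];
	}

	// username must be the right length
	if (strlen($submitted['user']) < 4) {
		$errormsg .= "<p class='error'>Username too short. Must be 4 characters or more.</p>";
	}

	// access level must be specified, and must be a number so the level rule can be applied
	if (!is_numeric($submitted['level'])) {
		$errormsg .= "<p class='error'>Please select a level of access privileges for this user.</p>";
	} elseif (!usermgr_may_manage($submitted['level'], $actorlevel)) {
		$errormsg .= "<p class='error'>You do not have permission to assign this access level.</p>";
	}

	if ($existing !== null && !usermgr_may_manage($existing['level'], $actorlevel)) {
		$errormsg .= "<p class='error'>You do not have permission to change this user.</p>";
	}

	if (!$errormsg) {

		$records = array();
		foreach ((array)$users as $user) {
			$isedited = ($existing !== null && $user['ID'] == $submitted['ID']);
			$records[] = $isedited ? $submitted : $user;
		}
		if ($isnew) { // add new user
			$records[] = $submitted;
		}

		$saved = saveFile('users.inc.php', usermgr_file_contents($records));

		$_SESSION['statusmsg'] = $saved
			? "The user details were saved."
			: "Sorry, the user details could not be saved.";
		header("Location: usermgr.php");

	} else {

		$_SESSION['errormsg'] = $errormsg;

		if ($isnew) {
			header("Location: usermgr.php?action=EditUser&id=new");
		} else {
			header("Location: usermgr.php?action=EditUser&id=" . rawurlencode($submitted['ID']));
		}
	}

	break;

  case "DeleteUser" :

	$requestedid = usermgr_request_id();
	$ispost = (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST');

	$remaining = array();
	$refused = false;
	foreach ((array)$users as $user) {
		$ismatch = (usermgr_is_id($requestedid) && $user['ID'] == $requestedid);
		if ($ismatch && !usermgr_may_manage($user['level'], $actorlevel)) {
			$refused = true; // protected account: keep it
		}
		if (!$ismatch || $refused) {
			$remaining[] = $user;
		}
	}

	if (!$ispost) {
		// The delete buttons in the list submit by POST; a plain link must not delete anything.
		$_SESSION['statusmsg'] = "Sorry, the user details could not be deleted.";
	} elseif ($refused) {
		$_SESSION['statusmsg'] = "Sorry, you do not have permission to delete this user.";
	} else {
		$saved = saveFile('users.inc.php', usermgr_file_contents($remaining));
		$_SESSION['statusmsg'] = $saved
			? "The user details were deleted."
			: "Sorry, the user details could not be deleted.";
	}
	header("Location: usermgr.php");

	break;

  default : // show user list

	$_SESSION['statusmsg'] = null;

	$usertable = "<table id='users'>\n<thead><th>Username:</th><th>Email:</th><th>Access Level:</th><th>Options:</th></thead>\n<tbody>\n";

	foreach ((array)$users as $user) {
		// Buttons are disabled for accounts the viewer may not manage. The handlers above
		// apply the same rule, because a disabled button does not stop a direct request.
		$disabled = usermgr_may_manage($user['level'], $actorlevel) ? "" : " disabled='disabled'";
		$idparam = usermgr_html(rawurlencode((string)$user['ID']));

		$usertable .= "<tr class='user'><td>" . usermgr_html($user['user']) . " (" . usermgr_html($user['name']) . ")</td>"
			. "<td>" . usermgr_html($user['email']) . "</td><td>" . usermgr_html($user['level']) . "</td><td>\n";
		$usertable .= "\t\t\t<form action=\"usermgr.php?action=EditUser&amp;id={$idparam}\" method='post'><input type='submit'{$disabled} value='Edit details' /></form>\n";
		$usertable .= "\t\t\t&nbsp; <form action=\"usermgr.php?action=DeleteUser&amp;id={$idparam}\" method='post'><input type='submit'{$disabled} onclick=\"return confirmSubmit('Are you sure you want to permanently delete this user?');\" value='Delete user' /></form>\n";
		$usertable .= "\t\t\t</td></tr>\n";
	}
	$usertable .= "</tbody>\n</table>\n";

	$html = "
	<div class='clearbox'>
	<h2>Current users</h2>
	<br />
	{$usertable}
	<br />
	<h2 id='surveylink'>New user</h2>
	<form action=\"usermgr.php?action=EditUser&amp;id=new\" method='post'><br /><input type='submit' value='Create new user' /></form>
	</div>
	";

	echo ($html);

   break;

}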

// Empty HTML comment left over from debugging. Keep the user dump out of it:
// printing $users here would put every stored record, passwords included, into the page source.
echo '<!-- ' . ' -->';

include 'includes/footer.php';


?>