--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+$userId = $_GET['id'];\r
+\r
+//Check if selected user exists\r
+if(!userIdExists($userId)){\r
+ header("Location: admin_users.php"); die();\r
+}\r
+\r
+$userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{ \r
+ //Delete selected account\r
+ if(!empty($_POST['delete'])){\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deleteUsers($deletions)) {\r
+ $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ else\r
+ {\r
+ //Update display name\r
+ if ($userdetails['display_name'] != $_POST['display']){\r
+ $displayname = trim($_POST['display']);\r
+ \r
+ //Validate display name\r
+ if(displayNameExists($displayname))\r
+ {\r
+ $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));\r
+ }\r
+ elseif(minMaxRange(5,25,$displayname))\r
+ {\r
+ $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));\r
+ }\r
+ elseif(!ctype_alnum($displayname)){\r
+ $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
+ }\r
+ else {\r
+ if (updateDisplayName($userId, $displayname)){\r
+ $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ }\r
+ else {\r
+ $displayname = $userdetails['display_name'];\r
+ }\r
+ \r
+ //Activate account\r
+ if(isset($_POST['activate']) && $_POST['activate'] == "activate"){\r
+ if (setUserActive($userdetails['activation_token'])){\r
+ $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Update email\r
+ if ($userdetails['email'] != $_POST['email']){\r
+ $email = trim($_POST["email"]);\r
+ \r
+ //Validate email\r
+ if(!isValidEmail($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ elseif(emailExists($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));\r
+ }\r
+ else {\r
+ if (updateEmail($userId, $email)){\r
+ $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Update title\r
+ if ($userdetails['title'] != $_POST['title']){\r
+ $title = trim($_POST['title']);\r
+ \r
+ //Validate title\r
+ if(minMaxRange(1,50,$title))\r
+ {\r
+ $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
+ }\r
+ else {\r
+ if (updateTitle($userId, $title)){\r
+ $successes[] = lang("ACCOUNT_TITLE_UPDATED", array ($displayname, $title));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Remove permission level\r
+ if(!empty($_POST['removePermission'])){\r
+ $remove = $_POST['removePermission'];\r
+ if ($deletion_count = removePermission($remove, $userId)){\r
+ $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ if(!empty($_POST['addPermission'])){\r
+ $add = $_POST['addPermission'];\r
+ if ($addition_count = addPermission($add, $userId)){\r
+ $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ $userdetails = fetchUserDetails(NULL, NULL, $userId);\r
+ }\r
+}\r
+\r
+$userPermission = fetchUserPermissions($userId);\r
+$permissionData = fetchAllPermissions();\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin User</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminUser' action='".$_SERVER['PHP_SELF']."?id=".$userId."' method='post'>\r
+<table class='admin'><tr><td>\r
+<h3>User Information</h3>\r
+<div id='regbox'>\r
+<p>\r
+<label>ID:</label>\r
+".$userdetails['id']."\r
+</p>\r
+<p>\r
+<label>Username:</label>\r
+".$userdetails['user_name']."\r
+</p>\r
+<p>\r
+<label>Display Name:</label>\r
+<input type='text' name='display' value='".$userdetails['display_name']."' />\r
+</p>\r
+<p>\r
+<label>Email:</label>\r
+<input type='text' name='email' value='".$userdetails['email']."' />\r
+</p>\r
+<p>\r
+<label>Active:</label>";\r
+\r
+//Display activation link, if account inactive\r
+if ($userdetails['active'] == '1'){\r
+ echo "Yes"; \r
+}\r
+else{\r
+ echo "No\r
+ </p>\r
+ <p>\r
+ <label>Activate:</label>\r
+ <input type='checkbox' name='activate' id='activate' value='activate'>\r
+ ";\r
+}\r
+\r
+echo "\r
+</p>\r
+<p>\r
+<label>Title:</label>\r
+<input type='text' name='title' value='".$userdetails['title']."' />\r
+</p>\r
+<p>\r
+<label>Sign Up:</label>\r
+".date("j M, Y", $userdetails['sign_up_stamp'])."\r
+</p>\r
+<p>\r
+<label>Last Sign In:</label>";\r
+\r
+//Last sign in, interpretation\r
+if ($userdetails['last_sign_in_stamp'] == '0'){\r
+ echo "Never"; \r
+}\r
+else {\r
+ echo date("j M, Y", $userdetails['last_sign_in_stamp']);\r
+}\r
+\r
+echo "\r
+</p>\r
+<p>\r
+<label>Delete:</label>\r
+<input type='checkbox' name='delete[".$userdetails['id']."]' id='delete[".$userdetails['id']."]' value='".$userdetails['id']."'>\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</div>\r
+</td>\r
+<td>\r
+<h3>Permission Membership</h3>\r
+<div id='regbox'>\r
+<p>Remove Permission:";\r
+\r
+//List of permission levels user is apart of\r
+foreach ($permissionData as $v1) {\r
+ if(isset($userPermission[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+//List of permission levels user is not apart of\r
+echo "</p><p>Add Permission:";\r
+foreach ($permissionData as $v1) {\r
+ if(!isset($userPermission[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+</tr>\r
+</table>\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
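Review bot: The `title`, `email` and `display_name` values are concatenated into single-quoted `value='…'` attributes without escaping, and `title` is only length-checked by `minMaxRange(1,50,$title)` before it is stored, so a title containing a quote breaks out of the attribute and injects markup into the administrator's page. Each echoed value should be wrapped, e.g. `htmlspecialchars($userdetails['title'], ENT_QUOTES, 'UTF-8')`. The same wrap belongs on `$_SERVER['PHP_SELF']` and `$userId` in the form `action`, which are request-derived, and on `$v1['name']` in the two permission lists. Separately, the POST branch deletes accounts and changes permissions with no request token visible in this file. Unless `securePage()` or `models/config.php` already verifies one, a per-session token compared with `hash_equals()` should be checked before the `if(!empty($_POST))` block.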