Merge branch 'users'
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / admin_user.php
1 <?php\r
2 /*\r
3 UserCake Version: 2.0.2\r
4 http://usercake.com\r
5 */\r
6 \r
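require_once("models/config.php");
// securePage() is the access gate for this admin page; nothing below runs if it refuses.
if (!securePage($_SERVER['PHP_SELF'])){die();}

// The id comes straight from the query string, so treat it as untrusted input.
// UserCake user ids are integer keys: accept only a plain run of digits and reject
// a missing value, an array (?id[]=...) or anything carrying extra characters
// before it reaches the lookups below or is reused later in the page.
$userId = isset($_GET['id']) ? $_GET['id'] : '';
if(!is_string($userId) || !ctype_digit($userId)){
    header("Location: admin_users.php"); die();
}

//Check if selected user exists
if(!userIdExists($userId)){
    header("Location: admin_users.php"); die();
}

$userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details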
17 \r
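//Forms posted
// NOTE(review): this handler deletes accounts and changes permission membership, yet
// nothing visible in this file verifies an anti-CSRF token before acting on $_POST.
// Confirm whether securePage() or models/config.php enforces one; if neither does,
// add a per-session token to the form and check it here before any branch below runs.
if(!empty($_POST))
{
    //Delete selected account
    if(!empty($_POST['delete'])){
        // The form only offers a checkbox for the account being viewed, so act on that
        // account alone instead of on whatever list of ids the request happens to carry.
        $deletions = array($userdetails['id'] => $userdetails['id']);
        if ($deletion_count = deleteUsers($deletions)) {
            $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
        }
        else {
            $errors[] = lang("SQL_ERROR");
        }
    }
    else
    {
        // Read each text field once. A field that is absent or not a plain string
        // (e.g. display[]=x) is treated as "not submitted" rather than passed to trim().
        $postedDisplay = (isset($_POST['display']) && is_string($_POST['display'])) ? $_POST['display'] : NULL;
        $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : NULL;
        $postedTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : NULL;

        // $displayname feeds the later status messages. It keeps the stored name unless
        // the update below succeeds, so a rejected (unvalidated) value never reaches them.
        $displayname = $userdetails['display_name'];

        //Update display name
        if ($postedDisplay !== NULL && (string)$userdetails['display_name'] !== $postedDisplay){
            $newDisplayname = trim($postedDisplay);

            //Validate display name
            if(displayNameExists($newDisplayname))
            {
                $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($newDisplayname));
            }
            elseif(minMaxRange(5,25,$newDisplayname))
            {
                $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));
            }
            elseif(!ctype_alnum($newDisplayname)){
                $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
            }
            else {
                if (updateDisplayName($userId, $newDisplayname)){
                    $displayname = $newDisplayname;
                    $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                }
                else {
                    $errors[] = lang("SQL_ERROR");
                }
            }
        }

        //Activate account
        if(isset($_POST['activate']) && $_POST['activate'] === "activate"){
            if (setUserActive($userdetails['activation_token'])){
                $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
            }
            else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        //Update email
        if ($postedEmail !== NULL && (string)$userdetails['email'] !== $postedEmail){
            $email = trim($postedEmail);

            //Validate email
            if(!isValidEmail($email))
            {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
            elseif(emailExists($email))
            {
                $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));
            }
            else {
                if (updateEmail($userId, $email)){
                    $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                }
                else {
                    $errors[] = lang("SQL_ERROR");
                }
            }
        }

        //Update title
        if ($postedTitle !== NULL && (string)$userdetails['title'] !== $postedTitle){
            $title = trim($postedTitle);

            //Validate title
            // Only the length is checked, so the title can hold HTML metacharacters; it
            // must be escaped wherever it is printed, including in the message below.
            if(minMaxRange(1,50,$title))
            {
                $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));
            }
            else {
                if (updateTitle($userId, $title)){
                    $successes[] = lang("ACCOUNT_TITLE_UPDATED", array ($displayname, $title));
                }
                else {
                    $errors[] = lang("SQL_ERROR");
                }
            }
        }

        //Remove permission level
        // NOTE(review): the posted ids are forwarded as-is; confirm removePermission()
        // and addPermission() bind them as query parameters and ignore unknown ids.
        if(!empty($_POST['removePermission'])){
            $remove = $_POST['removePermission'];
            if ($deletion_count = removePermission($remove, $userId)){
                $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));
            }
            else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        //Add permission level
        if(!empty($_POST['addPermission'])){
            $add = $_POST['addPermission'];
            if ($addition_count = addPermission($add, $userId)){
                $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
            }
            else {
                $errors[] = lang("SQL_ERROR");
            }
        }

        // Reload the record so the form rendered afterwards shows the saved values.
        $userdetails = fetchUserDetails(NULL, NULL, $userId);
    }
}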
139 \r
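$userPermission = fetchUserPermissions($userId);
$permissionData = fetchAllPermissions();

// This script only appends to $errors / $successes while handling a POST, so make
// sure both lists exist (unless already defined) before they are passed on.
if (!isset($errors)) { $errors = array(); }
if (!isset($successes)) { $successes = array(); }

// Every value printed into the page is HTML-escaped first. The stored profile fields
// are user-influenced (the title is only length-checked on save), PHP_SELF reflects
// the request path, and the id comes from the query string; printed raw inside a
// single-quoted attribute, any of them could break out of the markup.
$formAction = htmlspecialchars($_SERVER['PHP_SELF']."?id=".urlencode((string)$userId), ENT_QUOTES, 'UTF-8');
$safeId = htmlspecialchars((string)$userdetails['id'], ENT_QUOTES, 'UTF-8');
$safeUserName = htmlspecialchars((string)$userdetails['user_name'], ENT_QUOTES, 'UTF-8');
$safeDisplayName = htmlspecialchars((string)$userdetails['display_name'], ENT_QUOTES, 'UTF-8');
$safeEmail = htmlspecialchars((string)$userdetails['email'], ENT_QUOTES, 'UTF-8');
$safeTitle = htmlspecialchars((string)$userdetails['title'], ENT_QUOTES, 'UTF-8');

require_once("models/header.php");
startPage();

// NOTE(review): the messages can embed submitted values (display name, email, title);
// confirm that lang() or notificationBlock() HTML-escapes them before output.
echo notificationBlock($errors,$successes);

echo "
<div class='widget'><div class='title centre'>User administration</div>";

echo "
<form name='adminUser' action='".$formAction."' method='post'>
<table class='admin'><tr><td>
<div id='regbox'>
<p>
<label>ID:</label>
".$safeId."
</p>
<p>
<label>Username:</label>
".$safeUserName."
</p>
<p>
<label>Display Name:</label>
<input type='text' name='display' value='".$safeDisplayName."' />
</p>
<p>
<label>Email:</label>
<input type='text' name='email' value='".$safeEmail."' />
</p>
<p>
<label>Active: </label>";

//Display activation link, if account inactive
if ($userdetails['active'] == '1'){
    echo "Yes";
}
else{
    echo "No
    </p>
    <p>
    <label>Activate:</label>
    <input type='checkbox' name='activate' id='activate' value='activate'>
    ";
}

echo "
</p>
<p>
<label>Title:</label>
<input type='text' name='title' value='".$safeTitle."' />
</p>
<p>
<label>Sign Up:</label>
".date("j M, Y", $userdetails['sign_up_stamp'])."
</p>
<p>
<label>Last Sign In: </label>";

//Last sign in, interpretation
if ($userdetails['last_sign_in_stamp'] == '0'){
    echo "Never";
}
else {
    echo date("j M, Y", $userdetails['last_sign_in_stamp']);
}

echo "
</p>
<p>
<label>Delete:</label>
<input type='checkbox' name='delete[".$safeId."]' id='delete[".$safeId."]' value='".$safeId."'>
</p>
<p>
<label>&nbsp;</label>
<input type='submit' value='Update' class='submit' />
</p>
</div>
</td>
<td>
<h3>Permission Membership</h3>
<div id='regbox'>
<p>Remove Permission:";

//List of permission levels user is a part of
foreach ($permissionData as $v1) {
    if(isset($userPermission[$v1['id']])){
        $safePermId = htmlspecialchars((string)$v1['id'], ENT_QUOTES, 'UTF-8');
        $safePermName = htmlspecialchars((string)$v1['name'], ENT_QUOTES, 'UTF-8');
        echo "<br><input type='checkbox' name='removePermission[".$safePermId."]' id='removePermission[".$safePermId."]' value='".$safePermId."'> ".$safePermName;
    }
}

//List of permission levels user is not a part of
echo "</p><p>Add Permission:";
foreach ($permissionData as $v1) {
    if(!isset($userPermission[$v1['id']])){
        $safePermId = htmlspecialchars((string)$v1['id'], ENT_QUOTES, 'UTF-8');
        $safePermName = htmlspecialchars((string)$v1['name'], ENT_QUOTES, 'UTF-8');
        echo "<br><input type='checkbox' name='addPermission[".$safePermId."]' id='addPermission[".$safePermId."]' value='".$safePermId."'> ".$safePermName;
    }
}

echo"
</p>
</div>
</td>
</tr>
</table>
</form>
</div>
";

finishPage();

?>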
