/**
* Update user by ID - if id is empty add new user!
*/
function updateUserById($userModDetails)
{
global $db;
# get variables from config file
$database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
# open db connection
# replace special chars
$userModDetails['groups'] = mysqli_real_escape_string($database, $userModDetails['groups']);
# set query - add or edit user
if (empty($userModDetails['userId'])) {
# custom fields
$myFields = getCustomUserFields();
$myFieldsInsert['query'] = '';
$myFieldsInsert['values'] = '';
if (sizeof($myFields) > 0) {
/* set inserts for custom */
foreach ($myFields as $myField) {
$myFieldsInsert['query'] .= ', `' . $myField['name'] . '`';
$myFieldsInsert['values'] .= ", '" . $userModDetails[$myField['name']] . "'";
}
}
$query = "insert into users ";
$query .= "(`username`, `password`, `role`, `real_name`, `email`, `domainUser`,`groups`,`lang` {$myFieldsInsert['query']}) values ";
$query .= "('{$userModDetails['username']}', '{$userModDetails['password1']}', '{$userModDetails['role']}', '{$userModDetails['real_name']}', '{$userModDetails['email']}', '{$userModDetails['domainUser']}','{$userModDetails['groups']}','{$userModDetails['lang']}' {$myFieldsInsert['values']});";
} else {
# custom fields
$myFields = getCustomUserFields();
$myFieldsInsert['query'] = '';
if (sizeof($myFields) > 0) {
/* set inserts for custom */
foreach ($myFields as $myField) {
$myFieldsInsert['query'] .= ', `' . $myField['name'] . '` = \'' . $userModDetails[$myField['name']] . '\' ';
}
}
$query = "update users set ";
$query .= "`username` = '{$userModDetails['username']}', ";
if (strlen($userModDetails['password1']) != 0) {
$query .= "`password` = '{$userModDetails['password1']}', ";
}
$query .= "`role` = '{$userModDetails['role']}', `real_name`= '{$userModDetails['real_name']}', `email` = '{$userModDetails['email']}', `domainUser`= '{$userModDetails['domainUser']}', `lang`= '{$userModDetails['lang']}', `groups`='" . $userModDetails['groups'] . "' ";
$query .= $myFieldsInsert['query'];
$query .= "where `id` = '{$userModDetails['userId']}';";
}
$log = prepareLogFromArray($userModDetails);
# prepare log
/* execute */
try {
$database->executeQuery($query);
} catch (Exception $e) {
$error = $e->getMessage();
}
# ok
if (!isset($error)) {
updateLogTable('User ' . $userModDetails['username'] . ' updated ok', $log, 1);
# write success log
return true;
} else {
print "<div class='alert alert-error'>" . _("Cannot {$userModDetails['action']} user") . "!<br><strong>" . _('Error') . "</strong>: {$error}</div>";
updateLogTable('Cannot modify user ' . $userModDetails['username'], $log, 2);
# write error log
return false;
}
}
if ($userModDetails['action'] == "edit") {
$errors = verifyUserModInput($userModDetails);
} else {
if ($userModDetails['action'] == "delete") {
if (!deleteUserById($userModDetails['userId'], $userModDetails['username'])) {
print '<div class="alert alert-error>' . _('Cannot delete user') . ' ' . $userModDetails['username'] . '!</div>"';
} else {
print '<div class="alert alert-success">' . _('User deleted successfully') . '!</div>';
}
//stop script execution
die;
}
}
}
//custom
$myFields = getCustomUserFields();
if (sizeof($myFields) > 0) {
foreach ($myFields as $myField) {
# replace possible ___ back to spaces!
$myField['nameTest'] = str_replace(" ", "___", $myField['name']);
if (isset($_POST[$myField['nameTest']])) {
$userModDetails[$myField['name']] = $userModDetails[$myField['nameTest']];
}
}
}
/**
* Create array of permitted networks
*/
if ($userModDetails['role'] == "Administrator") {
$userModDetails['groups'] = "";
} else {
<?php
/**
* Script to print add / edit / delete users
*************************************************/
/* required functions */
require_once '../../functions/functions.php';
/* verify that user is admin */
checkAdmin();
/* get all settings */
$settings = getAllSettings();
/* get custom fields */
$custom = getCustomUserFields();
/* get languages */
$langs = getLanguages();
?>
<!-- header -->
<div class="pHeader">
<?php
/**
* If action is not set get it form post variable!
*/
if (!$action) {
$action = $_POST['action'];
$id = $_POST['id'];
//fetch all requested userdetails
$user = getUserDetailsById($id);
if (!empty($user['real_name'])) {
print _("{$action} user") . ' ' . $user['real_name'];
