Ejemplo n.º 1
     exit;
 } else {
     if ($_REQUEST['domain_mode'] == 'change_owner_now') {
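         // CHANGE OWNERSHIP
         // Make sure the new owner's email address maps to an existing account.
         $owner_id = get_cid(strtolower($_REQUEST['email_address']));
         // The id is derived from request input and get_cid()'s output format is
         // not visible here, so it is bound as a parameter instead of being
         // interpolated into the SQL text.
         // The quoted 'Email' is an SQL string literal, not a column reference, so
         // this query only serves as an existence check.
         $q = "select 'Email' from accounts where cid = ?";
         $stmt = $pdo->prepare($q);
         if (!$stmt || !$stmt->execute(array($owner_id))) {
             // Driver error details go to the server log, not into the response.
             error_log('Owner lookup failed: ' . print_r($stmt ? $stmt->errorInfo() : $pdo->errorInfo(), true));
             die('Database error');
         }
         // NOTE(review): rowCount() after a SELECT is not guaranteed by every PDO
         // driver; confirm it is reliable for the driver in use.
         if ($stmt->rowCount() == 0) {
             // NOTE(review): the raw request value is placed in the message; confirm
             // that set_msg_err() or the template HTML-escapes it before output.
             set_msg_err("Error: " . $_REQUEST['email_address'] . " is not in the database");
             $smarty->display('header.tpl');
             $smarty->display('footer.tpl');
             exit;
         }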
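         // Only a senior admin may also reassign the group owner, and only when a
         // group address was actually submitted.
         if ($user_info['Account_Type'] == 'senior_admin' && isset($_REQUEST['group_email_address']) && $_REQUEST['group_email_address'] != '') {
             $group_owner_id = get_cid(strtolower($_REQUEST['group_email_address']));
             // Bind the request-derived id rather than interpolating it. The quoted
             // 'Email' is an SQL string literal, so this is an existence check for
             // an account with that id and the group_admin role.
             $q = "select 'Email' from accounts where cid = ? and Account_Type='group_admin'";
             $stmt = $pdo->prepare($q);
             if (!$stmt || !$stmt->execute(array($group_owner_id))) {
                 // Driver error details go to the server log, not into the response.
                 error_log('Group owner lookup failed: ' . print_r($stmt ? $stmt->errorInfo() : $pdo->errorInfo(), true));
                 die('Database error');
             }
             // NOTE(review): rowCount() after a SELECT is not guaranteed by every
             // PDO driver; confirm it is reliable for the driver in use.
             if ($stmt->rowCount() == 0) {
                 // NOTE(review): the raw request value is placed in the message;
                 // confirm it is HTML-escaped before it reaches the page.
                 set_msg_err("Error: " . $_REQUEST['group_email_address'] . " is not in the database, or their Account_Type is not 'group_admin'");
                 $smarty->display('header.tpl');
                 require 'src/change_owner.php';
                 $smarty->display('footer.tpl');
                 exit;
             }
             // Signals the UPDATE builder below to set group_owner_id as well.
             $change_group = 1;
         }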
         // Start building the UPDATE; the statement continues past this excerpt
         // (no WHERE clause is visible here).
         // NOTE(review): both ids are interpolated into the SQL text; bind them as
         // parameters at the point where this statement is executed.
         $q = "update domains set owner_id='{$owner_id}'";
         // NOTE(review): $change_group is only assigned inside the senior_admin
         // branch above; confirm it is initialised earlier, otherwise this reads
         // an undefined variable when that branch is skipped.
         if ($change_group == 1) {
             $q .= ", group_owner_id = '{$group_owner_id}'";
         }
Ejemplo n.º 2
     // Check data
     // The included script runs in this scope. NOTE(review): it presumably stops
     // the request when validation fails; it is not shown here, so confirm.
     require 'src/check_account_data.php';
     // Update records
     // The UPDATE is assembled by string concatenation, so every value has to
     // be escaped individually; a prepared statement would remove that burden.
     $q = "update accounts set ";
     // NOTE(review): $new_gid is interpolated without escaping and its origin
     // is not visible in this excerpt; verify it cannot carry request text.
     if (isset($new_gid) && $new_gid != NULL) {
         $q .= "gid='{$new_gid}', ";
     }
     // mysql_escape_string() does not take the connection character set into
     // account; mysql_real_escape_string() is the connection-aware variant.
     // The whole ext/mysql API was removed in PHP 7.
     $q .= "\n\n        First_Name='" . mysql_escape_string($_REQUEST['first_name']) . "',\n        Last_Name='" . mysql_escape_string($_REQUEST['last_name']) . "',\n        Phone='" . mysql_escape_string($_REQUEST['phone']) . "',\n        Email='" . mysql_escape_string(strtolower($_REQUEST['email_address'])) . "'";
     // NOTE(review): the assignment below contains a '******' mask and is not
     // valid PHP as shown; the original expression cannot be recovered from
     // this listing. Whatever is stored should be a salted password hash
     // (e.g. password_hash()), never the submitted value itself.
     if ($_REQUEST['password'] != "") {
         $q .= ", Password='******'password']) . "'";
     }
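     // Role and status may only be changed by a senior admin.
     if ($user_info['Account_Type'] == 'senior_admin') {
         // Both values come straight from the request and were previously
         // concatenated unescaped; escape them like the other fields.
         // NOTE(review): an allow-list of the valid role and status values would
         // be stricter than escaping; the valid set is not visible here.
         $q .= ", Account_Type='" . mysql_real_escape_string($_REQUEST['account_type']) . "'";
         $q .= ", Status='" . mysql_real_escape_string($_REQUEST['status']) . "'";
     }
     // Restrict the update to the account being edited.
     $q .= " where cid='" . get_cid($account_info['Email']) . "'";
     if (!mysql_query($q)) {
         // Keep the driver error in the server log instead of sending it to the client.
         error_log('Account update failed: ' . mysql_error());
         die('Database error');
     }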
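     // Update email in active sessions if necessary
     if ($account_info['Email'] != strtolower($_REQUEST['email_address'])) {
         // Both addresses are escaped before use: the new one is request input
         // (a syntactically valid address may still contain a quote), and the
         // old one is stored data re-entering a query.
         $q = "update active_sessions set Email='" . mysql_real_escape_string(strtolower($_REQUEST['email_address']))
             . "' where Email='" . mysql_real_escape_string($account_info['Email']) . "'";
         if (!mysql_query($q)) {
             // Keep the driver error in the server log instead of sending it to the client.
             error_log('Active session update failed: ' . mysql_error());
             die('Database error');
         }
     }
     set_msg("Account edited successfully");
     // Redirect back to the application root and stop processing this request.
     header("Location: {$base_url}");
     exit;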
 } else {
     if ($_REQUEST['user_mode'] == 'add_account') {
         // Make sure this is a senior admin
         if ($user_info['Account_Type'] != 'senior_admin' && $user_info['Account_Type'] != 'group_admin') {
             set_msg_err("Error: you do not have the rights to add a user");
             $smarty->display('header.tpl');
Ejemplo n.º 3
}
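// Reject the submission when the address fails the format check and
// re-display the account form with the error.
if (!check_email_format($_REQUEST['email_address'])) {
    set_msg_err("Error: invalid email address");
    $smarty->display('header.tpl');
    require 'src/account_form.php';
    $smarty->display('footer.tpl');
    exit;
}
// If the email address is changing, check that it's not already in use
if ($account_info['Email'] != strtolower($_REQUEST['email_address'])) {
    // mysql_real_escape_string() takes the connection character set into
    // account, which mysql_escape_string() does not. The ext/mysql API was
    // removed in PHP 7; a prepared statement is the durable fix.
    $q = mysql_query("select Email from accounts where Email='" . mysql_real_escape_string(strtolower($_REQUEST['email_address'])) . "'");
    // Fail closed: a failed query must not be read as "address is free".
    if ($q === false) {
        error_log('Email uniqueness check failed: ' . mysql_error());
        die('Database error');
    }
    $email_rows = mysql_num_rows($q);
    if ($email_rows > 0) {
        set_msg_err("Error: email address already in use");
        $smarty->display('header.tpl');
        require 'src/account_form.php';
        $smarty->display('footer.tpl');
        exit;
    }
}
// Compare as strings with a strict operator: with != two different
// numeric-looking strings (for example "1e3" and "1000") compare equal.
// The casts keep a missing field equivalent to an empty one, as before.
if ((string) $_REQUEST['password'] !== (string) $_REQUEST['password2']) {
    set_msg_err("Error: passwords do not match");
    $smarty->display('header.tpl');
    require 'src/account_form.php';
    $smarty->display('footer.tpl');
    exit;
}
// group owner change stuff
// isset() avoids reading an undefined index when the field is not submitted.
// NOTE(review): nothing visible here checks that the resolved account exists
// or has the group_admin role before $new_gid is used; confirm that check
// happens elsewhere.
if ($user_info['Account_Type'] == 'senior_admin' && isset($_REQUEST['group_email_address']) && strlen($_REQUEST['group_email_address']) > 0) {
    $new_gid = get_cid($_REQUEST['group_email_address']);
}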