public static function render_page_process($PATH)
{
if (isset($_POST['register_password']) && isset($_POST['register_password_confirm']) && isset($_POST['old_password'])) {
$matching_user = phoromatic_server::$db->querySingle('SELECT Password FROM phoromatic_users WHERE UserName = \'' . $_SESSION['UserName'] . '\' AND AccountID = \'' . $_SESSION['AccountID'] . '\'', true);
if (!empty($matching_user)) {
$hashed_password = $matching_user['Password'];
$account_salt = phoromatic_server::$db->querySingle('SELECT Salt FROM phoromatic_accounts WHERE AccountID = \'' . $_SESSION['AccountID'] . '\'');
if ($account_salt != null && hash('sha256', $account_salt . $_POST['old_password']) == $hashed_password) {
if (strlen($_POST['register_password']) < 6) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password is at least six characters long.');
return false;
}
if ($_POST['register_password'] != $_POST['register_password_confirm']) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password matches the password confirmation.');
return false;
}
$new_salted_password = hash('sha256', $account_salt . $_POST['register_password']);
phoromatic_server::$db->exec('UPDATE phoromatic_users SET Password = \'' . $new_salted_password . '\' WHERE UserName = "******"');
echo '<h1>Password Updated!</h1>';
} else {
phoromatic_error_page('Oops!', 'The original password does not match the records for this account.');
return false;
}
} else {
phoromatic_error_page('Oops!', 'Problem fetching user information. Try again.');
return false;
}
}
echo phoromatic_webui_header_logged_in();
$main = '<h1>Change Password</h1>
<form name="reset_password" id="reset_password" action="?password" method="post" onsubmit="return phoromatic_password_reset(this);">
<div style="clear: both;">
<div style="float: left; font-weight: bold; padding-right: 10px;">
<p style="height: 50px;">Password</p>
<p style="height: 50px;">New Password</p>
<p style="height: 50px;">Confirm New Password</p>
</div>
<div style="float: left;">
<p style="height: 50px;"><input type="password" name="old_password" /></p>
<p style="height: 50px;"><input type="password" name="register_password" /> <sup>1</sup></p>
<p style="height: 50px;"><input type="password" name="register_password_confirm" /></p>
<p style="height: 50px;"><input type="submit" value="Change Password" /></p>
</div>
</div>
<p style="clear: both;"><sup>1</sup> Passwords shall be at least six characters long.</p>';
echo phoromatic_webui_main($main, phoromatic_webui_right_panel_logged_in());
echo phoromatic_webui_footer();
}
public static function render_page_process($PATH)
{
$account_creation_string = phoromatic_server::read_setting('account_creation_alt');
$account_creation_enabled = $account_creation_string == null;
if ($account_creation_enabled && isset($_POST['register_username']) && isset($_POST['register_password']) && isset($_POST['register_password_confirm']) && isset($_POST['register_email'])) {
$new_account = create_new_phoromatic_account($_POST['register_username'], $_POST['register_password'], $_POST['register_password_confirm'], $_POST['register_email'], isset($_POST['seed_accountid']) ? $_POST['seed_accountid'] : null);
if ($new_account) {
echo phoromatic_webui_header(array('Account Created'), '');
$box = '<h1>Account Created</h1>
<p>Your account has been created. You may now log-in to begin utilizing the Phoronix Test Suite\'s Phoromatic.</p>
<form name="login_form" id="login_form" action="?login" method="post" onsubmit="return phoromatic_login(this);">
<p><div style="width: 200px; font-weight: bold; float: left;">User:</div> <input type="text" name="username" /></p>
<p><div style="width: 200px; font-weight: bold; float: left;">Password:</div> <input type="password" name="password" /></p>
<p><div style="width: 200px; font-weight: bold; float: left;"> </div> <input type="submit" value="Submit" /></p>
</form>';
echo phoromatic_webui_box($box);
echo phoromatic_webui_footer();
}
} else {
if (isset($_POST['username']) && isset($_POST['password']) && strtolower($_POST['username']) == 'rootadmin') {
$admin_pw = phoromatic_server::read_setting('root_admin_pw');
if (empty($admin_pw)) {
echo phoromatic_webui_header(array('Action Required'), '');
$box = '<h1>Root Admin Password Not Set</h1>
<p>The root admin password has not yet been set for this system. It can be set by running on the system: <strong>phoronix-test-suite phoromatic.set-root-admin-password</strong>.</p>';
echo phoromatic_webui_box($box);
echo phoromatic_webui_footer();
return false;
} else {
if (hash('sha256', 'PTS' . $_POST['password']) != $admin_pw) {
echo phoromatic_webui_header(array('Invalid Password'), '');
$box = '<h1>Root Admin Password Incorrect</h1>
<p>The root admin password is incorrect.</p>';
echo phoromatic_webui_box($box);
echo phoromatic_webui_footer();
return false;
} else {
session_regenerate_id();
$_SESSION['UserID'] = 0;
$_SESSION['UserName'] = '******';
$_SESSION['AccountID'] = 0;
$_SESSION['AdminLevel'] = -40;
$_SESSION['CreatedOn'] = null;
$_SESSION['CoreVersionOnSignOn'] = PTS_CORE_VERSION;
session_write_close();
header('Location: /?admin');
}
}
} else {
if (isset($_POST['username']) && isset($_POST['password'])) {
$matching_user = phoromatic_server::$db->querySingle('SELECT UserName, Password, AccountID, UserID, AdminLevel, CreatedOn FROM phoromatic_users WHERE UserName = \'' . SQLite3::escapeString($_POST['username']) . '\'', true);
if (!empty($matching_user)) {
$user_id = $matching_user['UserID'];
$created_on = $matching_user['CreatedOn'];
$user = $matching_user['UserName'];
$hashed_password = $matching_user['Password'];
$account_id = $matching_user['AccountID'];
$admin_level = $matching_user['AdminLevel'];
if ($admin_level < 1) {
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' attempted to log-in to a disabled account: ' . $_POST['username']);
phoromatic_error_page('Disabled Account', 'The log-in is not possible as this account has been disabled.');
return false;
}
if ($user == $_POST['username']) {
$account_salt = phoromatic_server::$db->querySingle('SELECT Salt FROM phoromatic_accounts WHERE AccountID = \'' . $account_id . '\'');
} else {
$account_salt = null;
}
if ($account_salt != null && hash('sha256', $account_salt . $_POST['password']) == $hashed_password) {
session_regenerate_id();
$_SESSION['UserID'] = $user_id;
$_SESSION['UserName'] = $user;
$_SESSION['AccountID'] = $account_id;
$_SESSION['AdminLevel'] = $admin_level;
$_SESSION['CreatedOn'] = $created_on;
$_SESSION['CoreVersionOnSignOn'] = PTS_CORE_VERSION;
$account_salt = phoromatic_server::$db->exec('UPDATE phoromatic_users SET LastIP = \'' . $_SERVER['REMOTE_ADDR'] . '\', LastLogin = \'' . phoromatic_server::current_time() . '\' WHERE UserName = "******"');
session_write_close();
pts_file_io::mkdir(phoromatic_server::phoromatic_account_path($account_id));
pts_file_io::mkdir(phoromatic_server::phoromatic_account_result_path($account_id));
pts_file_io::mkdir(phoromatic_server::phoromatic_account_system_path($account_id));
pts_file_io::mkdir(phoromatic_server::phoromatic_account_suite_path($account_id));
echo phoromatic_webui_header(array('Welcome, ' . $user), '');
$box = '<h1>Log-In Successful</h1>
<p><strong>' . $user . '</strong>, we are now redirecting you to your account portal. If you are not redirected within a few seconds, please <a href="?main">click here</a>.<script type="text/javascript">window.location.href = "?main";</script></p>';
echo phoromatic_webui_box($box);
echo phoromatic_webui_footer();
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' successfully logged in as user: '******'REMOTE_ADDR'] . ' failed a log-in attempt as: ' . $_POST['username']);
phoromatic_error_page('Invalid Information', 'The user-name or password did not match our records.');
return false;
}
} else {
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' failed a log-in attempt as: ' . $_POST['username']);
phoromatic_error_page('Invalid Information', 'The user-name was not found within our system.');
return false;
}
} else {
echo phoromatic_webui_header(array(), '');
$box = '<h1>Welcome</h1>
<p>You must log-in to your Phoromatic account or create an account to access this service.</p>
<p>Phoromatic is the remote management and test orchestration system for the Phoronix Test Suite. Phoromatic allows the automatic scheduling of tests, remote installation of new tests, and the management of multiple test systems over a LAN or WAN all through an intuitive, easy-to-use web interface. Tests can be scheduled to automatically run on a routine basis across multiple test systems. The test results are then available from this central, secure location.</p>
<p>Phoromatic makes it very easy to provide for automated scheduling of tests on multiple systems, is extremely extensible, allows various remote testing possibilities, makes it very trivial to manage multiple systems, and centralizes result management within an organization.</p>
<p><a href="about.php">Learn more about Phoromatic</a>.</p>
<hr />
<h1>Log-In</h1>
<form name="login_form" id="login_form" action="?login" method="post" onsubmit="return phoromatic_login(this);">
<p><div style="width: 200px; font-weight: 500; float: left;">User:</div> <input type="text" name="username" /></p>
<p><div style="width: 200px; font-weight: 500; float: left;">Password:</div> <input type="password" name="password" /></p>
<p><div style="width: 200px; font-weight: 500; float: left;"> </div> <input type="submit" value="Submit" /></p>
</form>
<hr />
<h1>Register</h1>';
if (!empty($account_creation_string)) {
$box .= '<p>' . $account_creation_string . '</p>';
} else {
$box .= '
<p>Creating a new Phoromatic account is free and easy. The public, open-source version of the Phoronix Test Suite client is limited in its Phoromatic server abilities when it comes to result management and local storage outside of the OpenBenchmarking.org cloud. For organizations looking for behind-the-firewall support and other enterprise features, <a href="http://www.phoronix-test-suite.com/?k=commercial">contact us</a>. To create a new account for this Phoromatic server, simply fill out the form below.</p>';
$box .= '<form name="register_form" id="register_form" action="?register" method="post" onsubmit="return phoromatic_initial_registration(this);">
<div style="clear: both; font-weight: 500;">
<div style="float: left; width: 25%;">Username</div>
<div style="float: left; width: 25%;">Password</div>
<div style="float: left; width: 25%;">Confirm Password</div>
<div style="float: left; width: 25%;">Email Address</div>
</div>
<div style="clear: both;">
<div style="float: left; width: 25%;"><input type="hidden" name="seed_accountid" value="' . (isset($_GET['seed_accountid']) ? $_GET['seed_accountid'] : null) . '" /><input type="text" name="register_username" /> <sup>1</sup></div>
<div style="float: left; width: 25%;"><input type="password" name="register_password" /> <sup>2</sup></div>
<div style="float: left; width: 25%;"><input type="password" name="register_password_confirm" /></div>
<div style="float: left; width: 25%;"><input type="text" name="register_email" /> <sup>3</sup><br /><br /><input type="submit" value="Create Account" /></div>
</div>
</form>';
$box .= '<p style="font-size: 11px;"><sup>1</sup> Usernames shall be at least four characters long, not contain any spaces, and only be composed of normal ASCII characters.<br />
<sup>2</sup> Passwords shall be at least six characters long.<br />
<sup>3</sup> A valid email address is required for notifications, password reset, and other verification purposes.<br />
</p>';
}
$box .= '<hr />
<h1>View Public Results</h1>
<p>For accounts that opted to share their test results publicly, you can directly <a href="public.php">view the public test results</a>.</p><hr />';
echo phoromatic_webui_box($box);
echo phoromatic_webui_footer();
}
}
}
}
function create_new_phoromatic_account($register_username, $register_password, $register_password_confirm, $register_email, $seed_accountid = null)
{
// REGISTER NEW USER
if (strlen($register_username) < 4 || strpos($register_username, ' ') !== false) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied username is at least four characters long and contains no spaces.');
return false;
}
if (in_array(strtolower($register_username), array('admin', 'administrator', 'rootadmin'))) {
phoromatic_error_page('Oops!', $register_username . ' is a reserved and common username that may be used for other purposes, please make a different selection.');
return false;
}
if (strlen($register_password) < 6) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password is at least six characters long.');
return false;
}
if ($register_password != $register_password_confirm) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password matches the password confirmation.');
return false;
}
if ($register_email == null || filter_var($register_email, FILTER_VALIDATE_EMAIL) == false) {
phoromatic_error_page('Oops!', 'Please enter a valid email address.');
return false;
}
$valid_user_name_chars = '1234567890-_.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
for ($i = 0; $i < count($register_username); $i++) {
if (strpos($valid_user_name_chars, substr($register_username, $i, 1)) === false) {
phoromatic_error_page('Oops!', 'Please go back and ensure a valid user-name. The character <em>' . substr($register_username, $i, 1) . '</em> is not allowed.');
return false;
}
}
$matching_users = phoromatic_server::$db->querySingle('SELECT UserName FROM phoromatic_users WHERE UserName = \'' . SQLite3::escapeString($register_username) . '\'');
if (!empty($matching_users)) {
phoromatic_error_page('Oops!', 'The user-name is already taken.');
return false;
}
if (phoromatic_server::read_setting('add_new_users_to_account') != null) {
$account_id = phoromatic_server::read_setting('add_new_users_to_account');
$is_new_account = false;
} else {
$id_tries = 0;
do {
if ($id_tries == 0 && $seed_accountid != null && isset($seed_accountid[5])) {
$account_id = strtoupper(substr($seed_accountid, 0, 6));
} else {
$account_id = pts_strings::random_characters(6, true);
}
$matching_accounts = phoromatic_server::$db->querySingle('SELECT AccountID FROM phoromatic_accounts WHERE AccountID = \'' . $account_id . '\'');
$id_tries++;
} while (!empty($matching_accounts));
$is_new_account = true;
}
$user_id = pts_strings::random_characters(4, true);
if ($is_new_account) {
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' created a new account: ' . $user_id . ' - ' . $account_id);
$account_salt = pts_strings::random_characters(12, true);
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_accounts (AccountID, ValidateID, CreatedOn, Salt) VALUES (:account_id, :validate_id, :current_time, :salt)');
$stmt->bindValue(':account_id', $account_id);
$stmt->bindValue(':validate_id', pts_strings::random_characters(4, true));
$stmt->bindValue(':salt', $account_salt);
$stmt->bindValue(':current_time', phoromatic_server::current_time());
$result = $stmt->execute();
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_account_settings (AccountID) VALUES (:account_id)');
$stmt->bindValue(':account_id', $account_id);
$result = $stmt->execute();
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_user_settings (UserID, AccountID) VALUES (:user_id, :account_id)');
$stmt->bindValue(':user_id', $user_id);
$stmt->bindValue(':account_id', $account_id);
$result = $stmt->execute();
} else {
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' being added to an account: ' . $user_id . ' - ' . $account_id);
$account_salt = phoromatic_server::$db->querySingle('SELECT Salt FROM phoromatic_accounts WHERE AccountID = \'' . $account_id . '\'');
}
$salted_password = hash('sha256', $account_salt . $register_password);
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_users (UserID, AccountID, UserName, Email, Password, CreatedOn, LastIP, AdminLevel) VALUES (:user_id, :account_id, :user_name, :email, :password, :current_time, :last_ip, :admin_level)');
$stmt->bindValue(':user_id', $user_id);
$stmt->bindValue(':account_id', $account_id);
$stmt->bindValue(':user_name', $register_username);
$stmt->bindValue(':email', $register_email);
$stmt->bindValue(':password', $salted_password);
$stmt->bindValue(':last_ip', $_SERVER['REMOTE_ADDR']);
$stmt->bindValue(':current_time', phoromatic_server::current_time());
$stmt->bindValue(':admin_level', $is_new_account ? 1 : 10);
$result = $stmt->execute();
pts_file_io::mkdir(phoromatic_server::phoromatic_account_path($account_id));
phoromatic_server::send_email($register_email, 'Phoromatic Account Registration', ($e = phoromatic_server::read_setting('admin_support_email')) != null ? $e : '*****@*****.**', '<p><strong>' . $register_username . '</strong>:</p><p>Your Phoromatic account has been created and is now active.</p>');
return true;
}
public static function render_page_process($PATH)
{
if ($_SESSION['AdminLevel'] > 3) {
echo phoromatic_error_page('Unauthorized Access', 'You aren\'t an account administrator!');
return;
}
if (isset($_POST['group_name'])) {
$stmt = phoromatic_server::$db->prepare('UPDATE phoromatic_accounts SET GroupName = :group_name WHERE AccountID = :account_id');
$stmt->bindValue(':group_name', $_POST['group_name']);
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$result = $stmt->execute();
}
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirm_password']) && isset($_POST['email'])) {
// REGISTER NEW USER
if (strlen($_POST['username']) < 4 || strpos($_POST['username'], ' ') !== false) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied username is at least four characters long and contains no spaces.');
return false;
}
if (in_array(strtolower($_POST['username']), array('admin', 'administrator'))) {
phoromatic_error_page('Oops!', $_POST['username'] . ' is a reserved and common username that may be used for other purposes, please make a different selection.');
return false;
}
if (strlen($_POST['password']) < 6) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password is at least six characters long.');
return false;
}
if ($_POST['password'] != $_POST['confirm_password']) {
phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password matches the password confirmation.');
return false;
}
if ($_POST['email'] == null || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false) {
phoromatic_error_page('Oops!', 'Please enter a valid email address.');
return false;
}
$valid_user_name_chars = '1234567890-_.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
for ($i = 0; $i < count($_POST['username']); $i++) {
if (strpos($valid_user_name_chars, substr($_POST['username'], $i, 1)) === false) {
phoromatic_error_page('Oops!', 'Please go back and ensure a valid user-name. The character <em>' . substr($_POST['username'], $i, 1) . '</em> is not allowed.');
return false;
}
}
$matching_users = phoromatic_server::$db->querySingle('SELECT UserName FROM phoromatic_users WHERE UserName = \'' . SQLite3::escapeString($_POST['username']) . '\'');
if (!empty($matching_users)) {
phoromatic_error_page('Oops!', 'The user-name is already taken.');
return false;
}
if (!isset($_POST['admin_level']) || $_POST['admin_level'] == 1 || !is_numeric($_POST['admin_level'])) {
phoromatic_error_page('Oops!', 'Invalid administration level.');
return false;
}
$stmt = phoromatic_server::$db->prepare('SELECT Salt FROM phoromatic_accounts WHERE AccountID = :account_id');
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$result = $stmt->execute();
$row = $result->fetchArray();
$account_salt = $row['Salt'];
$user_id = pts_strings::random_characters(4, true);
$salted_password = hash('sha256', $account_salt . $_POST['password']);
pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' created a new account: ' . $user_id . ' - ' . $_SESSION['AccountID']);
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_users (UserID, AccountID, UserName, Email, Password, CreatedOn, LastIP, AdminLevel) VALUES (:user_id, :account_id, :user_name, :email, :password, :current_time, :last_ip, :admin_level)');
$stmt->bindValue(':user_id', $user_id);
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$stmt->bindValue(':user_name', $_POST['username']);
$stmt->bindValue(':email', $_POST['email']);
$stmt->bindValue(':password', $salted_password);
$stmt->bindValue(':last_ip', $_SERVER['REMOTE_ADDR']);
$stmt->bindValue(':current_time', phoromatic_server::current_time());
$stmt->bindValue(':admin_level', $_POST['admin_level']);
$result = $stmt->execute();
$stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_user_settings (UserID, AccountID) VALUES (:user_id, :account_id)');
$stmt->bindValue(':user_id', $user_id);
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$result = $stmt->execute();
phoromatic_add_activity_stream_event('users', $_POST['username'], 'added');
}
if ($_SESSION['AdminLevel'] == 1 && isset($_POST['update_user_levels'])) {
foreach (explode(',', $_POST['update_user_levels']) as $user_id) {
if (isset($_POST['admin_level_' . $user_id]) && is_numeric($_POST['admin_level_' . $user_id])) {
$stmt = phoromatic_server::$db->prepare('UPDATE phoromatic_users SET AdminLevel = :admin_level WHERE AccountID = :account_id AND UserID = :user_id');
$stmt->bindValue(':admin_level', $_POST['admin_level_' . $user_id]);
$stmt->bindValue(':user_id', $user_id);
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$result = $stmt->execute();
}
}
}
$main = '<h2>Users</h2>
<p>Users associated with this account. Phoromatic users can be one of several tiers with varying privileges:</p>
<ol>
<li><strong>Group Administrator:</strong> The user with full control over the account, the one who originally signed up for the Phoromatic account.</li>
<li><strong>Administrator:</strong> Additional users created by the group administrator with the same access rights as the group administrator.</li>
<li><strong>Power Users:</strong> Additional users created by the group administrator with read/write/modify access to all standard Phoromatic functionality, aside from being able to create additional users.</li>
<li><strong>Viewer:</strong> Additional users created by the group administrator that have access to view data but not to create new schedules, alter system settings, etc.</li>
</ol>
<div class="pts_phoromatic_info_box_area">
<div style="margin: 0 20%;"><form action="' . $_SERVER['REQUEST_URI'] . '" name="edit_user" id="edit_user" method="post">
<ul>
<li><h1>All Users</h1></li>';
$stmt = phoromatic_server::$db->prepare('SELECT * FROM phoromatic_users WHERE AccountID = :account_id ORDER BY UserName ASC');
$stmt->bindValue(':account_id', $_SESSION['AccountID']);
$result = $stmt->execute();
$row = $result->fetchArray();
$user_ids = array();
do {
switch ($row['AdminLevel']) {
case 1:
$level = 'Group Administrator';
break;
case 2:
$level = 'Administrator';
break;
case 3:
$level = 'Power User';
break;
case 10:
$level = 'Viewer';
break;
default:
if ($row['AdminLevel'] < 1) {
$level = 'Disabled';
} else {
$level = 'Unknown';
}
break;
}
$main .= '<a href="#"><li>' . $row['UserName'] . '<br /><table><tr><td>';
if ($row['AdminLevel'] == 1 || $_SESSION['AdminLevel'] != 1) {
$main .= '<strong>' . $level . '</strong>';
} else {
$main .= '<select name="admin_level_' . $row['UserID'] . '">';
foreach (array($row['AdminLevel'] * -1 => 'Disabled', 2 => 'Administrator', 3 => 'Power User', 10 => 'Viewer') as $level_id => $level_string) {
$main .= '<option value="' . $level_id . '"' . ($row['AdminLevel'] == $level_id ? ' selected="selected"' : null) . '>' . $level_string . '</option>';
}
$main .= '</select>';
array_push($user_ids, $row['UserID']);
}
$main .= '</td><td>Last Login: '******'LastLogin']) ? 'Never' : date('j F Y H:i', strtotime($row['LastLogin']))) . '</td></tr></table></li></a>';
} while ($row = $result->fetchArray());
$main .= '</ul> <input type="hidden" name="update_user_levels" value="' . implode(',', $user_ids) . '" /> <input name="submit" value="Update User Levels" type="submit" /></form>
</div>
</div>';
$main .= '<hr /><form action="' . $_SERVER['REQUEST_URI'] . '" name="add_user" id="add_user" method="post" onsubmit="return validate_new_user();"><h2>Create Additional Account</h2>
<p>Administrators can create extra accounts to be associated with this account\'s systems, schedules, and test data.</p>
<h3>User</h3>
<p><input type="text" name="username" /></p>
<h3>Password</h3>
<p><input type="password" name="password" /></p>
<h3>Confirm Password</h3>
<p><input type="password" name="confirm_password" /></p>
<h3>Email</h3>
<p><input type="text" name="email" /></p>
<h3>Administration Level</h3>
<p><select name="admin_level">';
if ($_SESSION['AdminLevel'] == 1) {
$main .= '<option value="2">Administrator</option>';
}
if ($_SESSION['AdminLevel'] <= 2) {
$main .= '<option value="3">Power User</option>';
}
if ($_SESSION['AdminLevel'] <= 3) {
$main .= '<option value="10">Viewer</option>';
}
$main .= '
</select></p>
<p><input name="submit" value="Add User" type="submit" /></p>
</form>';
$group_name = phoromatic_account_id_to_group_name($_SESSION['AccountID']);
$main .= '<hr /><form action="' . $_SERVER['REQUEST_URI'] . '" name="group_name" id="group_name" method="post"><h2>Group Name</h2>
<p>A group name is an alternative, user-facing name for this set of accounts. The group name feature is primarily useful for being able to better distinguish results between groups when sharing of data within a large organization, etc. The group name is showed next to test results when viewing results from multiple groups/accounts.</p>
<h3>Group Name</h3>
<p><input type="text" name="group_name" value="' . $group_name . '" /></p>
<p><input name="submit" value="Update Group Name" type="submit" /></p>
</form>';
echo phoromatic_webui_header_logged_in();
echo '<div id="pts_phoromatic_main_area">' . $main . '</div>';
echo phoromatic_webui_footer();
}
