function replace_admin_actions()
{
global $config, $lang;
require_once $config['basepath'] . '/include/login.inc.php';
$login = new login();
$login_status = $login->loginCheck('Agent');
if ($login_status !== true) {
// Run theese commands even if not logged in.
$data = '';
switch ($_GET['action']) {
case 'send_forgot':
require_once $config['basepath'] . '/include/login.inc.php';
$data = login::forgot_password();
break;
case 'forgot':
require_once $config['basepath'] . '/include/login.inc.php';
$data = login::forgot_password_reset();
break;
default:
$data .= $login_status;
break;
}
} else {
switch ($_GET['action']) {
case 'index':
require_once $config['basepath'] . '/include/admin.inc.php';
$admin = new general_admin();
$data = $admin->index_page();
break;
case 'edit_page':
require_once $config['basepath'] . '/include/editor.inc.php';
$listing = new editor();
$data = $listing->page_edit();
break;
case 'edit_user_images':
require_once $config['basepath'] . '/include/images.inc.php';
$images = new image_handler();
$data = $images->edit_user_images();
break;
case 'edit_listing_images':
require_once $config['basepath'] . '/include/images.inc.php';
$images = new image_handler();
$data = $images->edit_listing_images();
break;
case 'edit_vtour_images':
require_once $config['basepath'] . '/include/images.inc.php';
$images = new image_handler();
$data = $images->edit_vtour_images();
break;
case 'edit_listing_files':
require_once $config['basepath'] . '/include/files.inc.php';
$files = new file_handler();
$data = $files->edit_listing_files();
break;
case 'edit_user_files':
require_once $config['basepath'] . '/include/files.inc.php';
$files = new file_handler();
$data = $files->edit_user_files();
break;
case 'add_listing':
require_once $config['basepath'] . '/include/listing_editor.inc.php';
$listing_editor = new listing_editor();
$data = $listing_editor->add_listing();
break;
case 'edit_my_listings':
require_once $config['basepath'] . '/include/listing_editor.inc.php';
$listing_editor = new listing_editor();
$data = $listing_editor->edit_listings();
break;
case 'edit_listings':
require_once $config['basepath'] . '/include/listing_editor.inc.php';
$listing_editor = new listing_editor();
$data = $listing_editor->edit_listings(false);
break;
case 'configure':
require_once $config['basepath'] . '/include/controlpanel.inc.php';
$listing_editor = new configurator();
$data = $listing_editor->show_configurator();
break;
case 'edit_listing_template':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_listing_template();
break;
case 'edit_listings_template_field_order':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_listings_template_field_order();
break;
case 'edit_agent_template_field_order':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_template_field_order($type = 'agent');
break;
case 'edit_member_template_field_order':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_template_field_order($type = 'member');
break;
case 'edit_agent_template_add_field':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->add_user_template_field($type = 'agent');
break;
case 'edit_member_template_add_field':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$type = 'member';
$data = $listing->add_user_template_field($type);
break;
case 'edit_listing_template_search':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_listing_template_search();
break;
case 'edit_listing_template_search_results':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_listing_template_search_results();
break;
case 'user_manager':
require_once $config['basepath'] . '/include/user_manager.inc.php';
$user_managment = new user_managment();
$data = $user_managment->show_user_manager();
break;
case 'edit_user_template':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->edit_user_template();
break;
case 'edit_listing_template_add_field':
require_once $config['basepath'] . '/include/template_editor.inc.php';
$listing = new template_editor();
$data = $listing->add_listing_template_field();
break;
case 'add_page':
require_once $config['basepath'] . '/include/editor.inc.php';
$listing = new editor();
$data = $listing->add_page();
break;
case 'view_log':
require_once $config['basepath'] . '/include/log.inc.php';
$data = log::view();
break;
case 'clear_log':
require_once $config['basepath'] . '/include/log.inc.php';
$data = log::clear_log();
break;
case 'show_property_classes':
require_once $config['basepath'] . '/include/propertyclass.inc.php';
$data = propertyclass::show_classes();
break;
case 'modify_property_class':
require_once $config['basepath'] . '/include/propertyclass.inc.php';
$data = propertyclass::modify_property_class();
break;
case 'delete_property_class':
require_once $config['basepath'] . '/include/propertyclass.inc.php';
$data = propertyclass::delete_property_class();
break;
case 'insert_property_class':
require_once $config['basepath'] . '/include/propertyclass.inc.php';
$data = propertyclass::insert_property_class();
break;
case 'add_listing_property_class':
require_once $config['basepath'] . '/include/listing_editor.inc.php';
$listing_editor = new listing_editor();
$data = $listing_editor->add_listing_logic();
break;
//Todo Finish Adding Blog Items
//Todo Finish Adding Blog Items
case 'edit_blog':
require_once $config['basepath'] . '/include/blog_editor.inc.php';
$listing = new blog_editor();
$data = $listing->blog_edit_index();
break;
case 'edit_blog_post':
require_once $config['basepath'] . '/include/blog_editor.inc.php';
$listing = new blog_editor();
$data = $listing->blog_edit();
break;
case 'add_blog':
require_once $config['basepath'] . '/include/blog_editor.inc.php';
$listing = new blog_editor();
$data = $listing->add_post();
break;
case 'edit_blog_post_comments':
require_once $config['basepath'] . '/include/blog_editor.inc.php';
$listing = new blog_editor();
$data = $listing->edit_post_comments();
break;
case 'addon_manager':
require_once $config['basepath'] . '/include/addon_manager.inc.php';
$am = new addon_manager();
$data = $am->display_addon_manager();
break;
case 'send_notifications':
require_once $config['basepath'] . '/include/notification.inc.php';
$notify = new notification();
$data = $notify->NotifyUsersOfAllNewListings();
break;
default:
// Handle Addons
$addon_name = array();
if (preg_match("/^addon_(.\\S*?)_.*/", $_GET['action'], $addon_name)) {
include_once $config['basepath'] . '/addons/' . $addon_name[1] . '/addon.inc.php';
$function_name = $addon_name[1] . '_run_action_admin_template';
$data = $function_name();
}
}
}
return $data;
}
function update_user($user_id)
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/forms.inc.php';
$forms = new forms();
$display = '';
$do_update = true;
if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) {
$display .= '<p>' . $lang['user_manager_password_identical'] . '</p>';
$do_update = false;
} elseif ($_POST['edit_user_pass'] == '') {
$do_update = true;
}
// end elseif
if ($_POST['user_email'] == '' || $_POST['user_first_name'] == '' || $_POST['user_last_name'] == '') {
$display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>";
$do_update = false;
}
// Get Current User type
$sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
$is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
$is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']);
$sql_user_email = $misc->make_db_safe($_POST['user_email']);
$sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']);
$sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']);
//Make sure no other user has this email address.
$sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
if ($recordSet->fields['userdb_id'] != $user_id) {
$display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>";
$do_update = false;
}
$recordSet->MoveNext();
}
if ($do_update) {
global $pass_the_form;
if ($is_agent == 'yes' || $is_admin == 'yes') {
$db_to_validate = 'agentformelements';
} else {
$db_to_validate = 'memberformelements';
}
$pass_the_form = $forms->validateForm($db_to_validate);
if (is_array($pass_the_form)) {
// if we're not going to pass it, tell that they forgot to fill in one of the fields
foreach ($pass_the_form as $k => $v) {
if ($v == 'REQUIRED') {
$display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
}
if ($v == 'TYPE') {
$display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
}
}
} else {
$_POST['user_email'] = $misc->make_db_safe($_POST['user_email']);
if ($_POST['edit_user_pass'] == '') {
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
} else {
$md5_user_pass = md5($_POST['edit_user_pass']);
$md5_user_pass = $misc->make_db_safe($md5_user_pass);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_user_password = '******', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($_SESSION['admin_privs'] == 'yes' && $is_admin == 'yes') {
$sql_edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_limit_listings = ' . $sql_edit_limitListings . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
// If Admin is upadting and agent set other fields
if ($_SESSION['admin_privs'] == 'yes' && $is_agent == 'yes') {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']);
$edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']);
$edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']);
$edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']);
$edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']);
$edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']);
$edit_can_view_logs = $misc->make_db_safe($_POST['edit_canViewLogs']);
$edit_can_moderate = $misc->make_db_safe($_POST['edit_canModerate']);
$edit_can_feature_listings = $misc->make_db_safe($_POST['edit_canFeatureListings']);
$edit_can_edit_pages = $misc->make_db_safe($_POST['edit_canPages']);
$edit_can_have_vtours = $misc->make_db_safe($_POST['edit_canVtour']);
$edit_can_have_files = $misc->make_db_safe($_POST['edit_canFiles']);
$edit_can_have_user_files = $misc->make_db_safe($_POST['edit_canUserFiles']);
$edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']);
$sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']);
$sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']);
$sql_userdb_blog_user_type = $misc->make_db_safe($_POST['edit_BlogPrivileges']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET
userdb_active = ' . $edit_is_active . ',
userdb_user_first_name = ' . $edit_first_name . ',
userdb_user_last_name = ' . $edit_last_name . ',
userdb_can_edit_site_config = ' . $edit_canEditSiteConfig . ',
userdb_can_edit_member_template = ' . $edit_canEditMemberTemplate . ',
userdb_can_edit_agent_template = ' . $edit_canEditAgentTemplate . ',
userdb_can_edit_listing_template = ' . $edit_canEditListingTemplate . ',
userdb_can_view_logs = ' . $edit_can_view_logs . ',
userdb_can_moderate = ' . $edit_can_moderate . ',
userdb_can_feature_listings = ' . $edit_can_feature_listings . ',
userdb_can_edit_pages = ' . $edit_can_edit_pages . ',
userdb_can_have_vtours = ' . $edit_can_have_vtours . ',
userdb_can_have_files = ' . $edit_can_have_files . ',
userdb_can_have_user_files = ' . $edit_can_have_user_files . ',
userdb_limit_listings = ' . $edit_limitListings . ',
userdb_can_edit_expiration = ' . $sql_edit_canEditListingExpiration . ',
userdb_can_export_listings = ' . $sql_edit_canExportListings . ',
userdb_can_edit_all_users = ' . $edit_canEditAllUsers . ',
userdb_can_edit_all_listings = ' . $edit_canEditAllListings . ',
userdb_can_edit_property_classes = ' . $sql_edit_canEditPropertyClasses . ',
userdb_can_manage_addons = ' . $sql_edit_canManageAddons . ',
userdb_rank = ' . $sql_edit_userRank . ',
userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ',
userdb_blog_user_type = ' . $sql_userdb_blog_user_type . '
WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
} else {
if (isset($_POST['edit_active'])) {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
} else {
$edit_is_active = $misc->make_db_safe('yes');
}
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name =' . $edit_last_name . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
if ($is_active == 'no' && $_POST['edit_active'] == 'yes') {
if ($config['moderate_agents'] == 1 && $is_agent == 'yes' || $config['moderate_members'] == 1 && $is_agent == 'no') {
$message = $_POST['user_first_name'] . ' ' . $_POST['user_last_name'] . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n";
if ($is_agent == 'yes') {
$link = $config['baseurl'] . '/admin/index.php';
} else {
$link = $config['baseurl'] . '/index.php?action=member_login';
}
$message .= $link;
$email = str_replace('\'', '', $_POST['user_email']);
$send = $misc->send_email($config['company_name'], $config['admin_email'], $email, $message, $lang['user_activated_subject']);
}
}
$message = user_managment::updateUserData($user_id);
if ($message == 'success') {
// one has to ensure that the cookie containing the pass is reset
// otherwise, one would have to log out and in again everytime
// an account was updated
if ($_POST['edit_user_pass'] != "" && $_SESSION['userID'] == $user_id) {
$_SESSION['userpassword'] = md5($_POST['edit_user_pass']);
}
$display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>';
} else {
$display .= '<p>' . $lang['alert_site_admin'] . '</p>';
}
// end else
}
// end if $pass_the_form == "Yes"
}
// end else
$misc->log_action($lang['log_updated_user'] . ': ' . $user_id);
return $display;
}
