if (!$user) { $titleBlock = new w2p_Theme_TitleBlock('Invalid User ID', 'helix-setup-user.png', $m, "{$m}.{$a}"); $titleBlock->addCrumb('?m=admin', 'users list'); $titleBlock->show(); } else { $countries = w2PgetSysVal('GlobalCountries'); // setup the title block $titleBlock = new w2p_Theme_TitleBlock('View User', 'helix-setup-user.png', $m, "{$m}.{$a}"); if ($canRead) { $titleBlock->addCrumb('?m=admin', 'users list'); } if ($canEdit || $user_id == $AppUI->user_id) { $titleBlock->addCrumb('?m=admin&a=addedituser&user_id=' . $user_id, 'edit this user'); $titleBlock->addCrumb('?m=contacts&a=addedit&contact_id=' . $user->contact_id, 'edit this contact'); $titleBlock->addCrumb('?m=system&a=addeditpref&user_id=' . $user_id, 'edit preferences'); $titleBlock->addCrumbRight('<div class="crumb"><ul style="float:right;"><li><a href="javascript: void(0);" onclick="popChgPwd();return false"><span>' . $AppUI->_('change password') . '</span></a></li></ul></div>'); $titleBlock->addCell('<td align="right" width="100%"><input type="button" class=button value="' . $AppUI->_('add user') . '" onclick="javascript:window.location=\'./index.php?m=admin&a=addedituser\';" /></td>'); } $titleBlock->show(); ?> <script language="javascript" type="text/javascript"> <?php // security improvement: // some javascript functions may not appear on client side in case of user not having write permissions // else users would be able to arbitrarily run 'bad' functions if ($canEdit || $user_id == $AppUI->user_id) { ?> function popChgPwd() { window.open( './index.php?m=public&a=chpwd&dialog=1&user_id=<?php echo $user->user_id; ?>