if (!isset($_SESSION['user_id'])) {
header('location: ' . $BASEURL . 'user/login');
exit;
}
$user_id = $_SESSION['user_id'];
if ($_GET['id']) {
$id = $_GET['id'];
} else {
if ($_POST['id']) {
$id = $_POST['id'];
} else {
$id = 'new';
}
}
$dal = new DataAccessLayer();
$username = $dal->GetUsername($_SESSION['user_id']);
if (isset($_POST['save'])) {
$fieldnames = array("username", "password", "email", "reviewer", "isvalid", "isadmin");
foreach ($fieldnames as $i) {
$answers[$i] = mysql_real_escape_string($_POST[$i]);
}
if ($_POST['formstate'] == 'new') {
$answers['password'] = md5($_POST['password']);
$id = $dal->NewUserCreate($answers);
} else {
$dal->UpdateUserInfo($answers, $_POST['id']);
}
}
if ($id != "new") {
$user = $dal->GetUserInfo($id);
}