$smarty->assign('message', Message::getMessage()); if ($_GET['section'] == "edit") { //Only owner and Root can access this site. if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { $smarty->assign('user', User_old::getUserByID($_GET['user_id'])); $smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id'])); $smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id'])); $smarty->display("header.tpl.html"); $smarty->display("user_edit.tpl.html"); $smarty->display("footer.tpl.html"); } else { Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']); } } elseif ($_GET['section'] == "insert_edit") { if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) { header('Location: user.php?user_id=' . $_GET['user_id']); } else { header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']); } } else { Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']); } } elseif ($_GET['section'] == "delete") { if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) { if ($_POST['delete'] == "true") { //fetch user data $user = new User((int) $_GET['user_id']); $user->fetch(); //logout user if the logged in user is the user to be deleted if ($_GET['user_id'] == $_SESSION['user_id']) {