function handleUserMgmt() { global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php"; if (isset($_GET['userid'])) { $_GET['userid'] = escape($_GET['userid']); } if (isset($_POST['editusertype'])) { $_POST['editusertype'] = escape($_POST['editusertype']); } if (isset($_POST['user_selected_activate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't activate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_deactivate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot deactivate administrator!"); continue; } if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't deactivate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_delete'])) { $done = true; foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot delete administrator!"); continue; } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . "'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'"; if (!mysql_query($query)) { $done = false; } } else { $done = false; } } } if (!$done) { displayerror("Some problem in deleting selected users"); } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_activate'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Activated!"); } else { displayerror("User Not Activated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['activate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1"; if (mysql_query($query)) { displayInfo("All users activated successfully!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_deactivate'])) { if ($_GET['userid'] == ADMIN_USERID) { displayError("You cannot deactivate administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Deactivated!"); } else { displayerror("User Not Deactivated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['deactivate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . ADMIN_USERID; if (mysql_query($query)) { displayInfo("All users deactivated successfully except Administrator!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_delete'])) { $userId = $_GET['userid']; if ($userId == ADMIN_USERID) { displayError("You cannot delete administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { displayinfo("User Successfully Deleted!"); } else { displayerror("User not deleted from OpenID database!"); } } else { displayerror("User Not Deleted!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) { if (isset($_POST['user_info_update'])) { $updates = array(); $userId = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'"; $row = mysql_fetch_assoc(mysql_query($query)); $errors = false; if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) { $chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'"; $result = mysql_query($chkquery) or die("failed : {$chkquery}"); if (mysql_num_rows($result) > 0) { displayerror("User Name already exists in database!"); $errors = true; } } if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) { $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'"; } if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) { $updates[] = "`user_email` = '" . escape($_POST['user_email']) . "'"; } if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) { $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'"; } if ($_POST['user_password'] != '') { if ($_POST['user_password'] != $_POST['user_password2']) { displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.'); $errors = true; } else { if (md5($_POST['user_password']) != $row['user_password']) { $updates[] = "`user_password` = MD5('{$_POST['user_password']}')"; } } } if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) { $updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'"; } if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) { $updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'"; } if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) { $checked = isset($_POST['user_activated']) ? 1 : 0; $updates[] = "`user_activated` = {$checked}"; } if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) { $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'"; if ($_POST['user_loginmethod'] != 'db') { displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website."); } } if (!$errors) { if (count($updates) > 0) { $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'"; $profileResult = mysql_query($profileQuery); if (!$profileResult) { displayerror('An error was encountered while attempting to process your request.' . $profileQuery); $errors = true; } } global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (!$errors && !submitRegistrationForm(0, $userId, true, true)) { displayerror('An error was encountered while attempting to process your request.' . $profileQuery); $errors = true; } else { displayinfo('All fields updated successfully!'); } } } $userid = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}"; $columnList = getColumnList(0, false, false, false, false, false); $xcolumnIds = array_keys($columnList); $xcolumnNames = array_values($columnList); $row = mysql_fetch_assoc(mysql_query($query)); $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>"; $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames); for ($i = 0; $i < count($usertablefields); $i++) { if (isset($_POST[$usertablefields[$i] . '_sel'])) { $userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>"; } } $userinfo .= "<input type='hidden' name='not_first_time' />"; $userinfo .= userProfileForm($userfieldprettynames, $row, false, true); $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>"; return $userinfo; } else { if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) { return registeredUsersList("all", "view", false); } else { if (isset($_POST['edit_reg_users'])) { return registeredUsersList("all", "edit", false); } else { if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) { return registeredUsersList("activated", "view", false); } else { if (isset($_POST['edit_activated_users'])) { return registeredUsersList("activated", "edit", false); } else { if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) { return registeredUsersList("nonactivated", "view", false); } else { if (isset($_POST['edit_nonactivated_users'])) { return registeredUsersList("nonactivated", "edit", false); } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') { $results = ""; $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); $first = true; $qstring = ""; foreach ($usertablefields as $field) { if (isset($_POST[$field]) && $_POST[$field] != '') { if ($first == false) { $qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR "; } $val = escape($_POST[$field]); if ($field == 'user_activated') { ${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0; } else { ${$field . '_lastval'} = $val; } $qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) "; $first = false; } } if ($qstring != "") { $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} "; $resultSearch = mysql_query($query); if (mysql_num_rows($resultSearch) > 0) { $num = mysql_num_rows($resultSearch); $userInfo = array(); while ($row = mysql_fetch_assoc($resultSearch)) { $userInfo['user_id'][] = $row['user_id']; $userInfo['user_name'][] = $row['user_name']; $userInfo['user_email'][] = $row['user_email']; $userInfo['user_fullname'][] = $row['user_fullname']; $userInfo['user_password'][] = $row['user_password']; $userInfo['user_lastlogin'][] = $row['user_lastlogin']; $userInfo['user_regdate'][] = $row['user_regdate']; $userInfo['user_activated'][] = $row['user_activated']; $userInfo['user_loginmethod'][] = $row['user_loginmethod']; } $results = registeredUsersList("all", "edit", false, $userInfo); } else { displayerror("No users matched your query!"); } } $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>"; $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . '_sel'])) { $searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $searchForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { if (isset(${$field . '_lastval'})) { $infoarray[$field] = ${$field . '_lastval'}; } else { $infoarray[$field] = ""; } } $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false); $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and' />AND <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>"; return $results . $searchForm; } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') { $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); if (isset($_POST['create_user_submit'])) { $incomplete = false; foreach ($usertablefields as $field) { if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) { displayerror("New user could not be created. Some fields are missing!{$field}"); $incomplete = true; break; } ${$field} = escape($_POST[$field]); } if (!$incomplete) { $user_id = $_GET['userid']; $chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'"; $result = mysql_query($chkquery); $row = mysql_fetch_row($result); if ($row[0] > 0) { displayerror("Another user with the same name or email already exists!"); } else { if ($user_password != $_POST['user_password2']) { displayerror("Passwords mismatch!"); } else { if (isset($_POST['user_activated'])) { $user_activated = 1; } $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')"; $result = mysql_query($query) or die(mysql_error()); global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) { displayinfo("User {$user_fullname} Successfully Created!"); } else { displayerror("Failed to create user"); } } } } } $nextUserId = getNextUserId(); $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>"; $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}"; $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>'; for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . '_sel'])) { $userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $userForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { $infoarray[$field] = ""; } $infoarray['user_id'] = $nextUserId; $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true); $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>"; return $userForm; } } } } } } } } } } } } } } }
switch ($GLOBALS["action"]) { case "register": $template->setPage("Title", "User Registeration"); $template->setPage("Content", userProfileForm()); break; case "editregister": $template->setPage("Title", "User Edit-Registeration"); $template->setPage("Content", userProfileForm()); break; case "adduser": $template->setPage("Title", "Add-AdminUser::Registeration"); $template->setPage("Content", userProfileForm(true)); break; case "edituser": $template->setPage("Title", "Edit-AdminUser::Registeration"); $template->setPage("Content", userProfileForm(true)); break; case "viewusers": $template->setPage("Title", "Preview::AdminUsers "); //$content ="<p>Some information on user profile viewer (Table list of Admin.)</p>";// $template->setPage("Content", usersDetailTable()); break; case "profile": $template->setPage("Title", "Preview::Profile"); //$content ="<p>Some information on user profile viewer (Table list of Admin.)</p>"; $template->setPage("Content", $content); break; case "delete": echo delUser(); header("Location: index.php"); break;