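// Tail of the preceding branch: the free-text search form. It submits the term
// by GET as module=useradmin, action=search, search=<term>.
$content .= "</form>\n\n";
$content .= "<h3>Regular search</h3>\n";
$content .= "Searches for nick, first or last name and email address\n";
$content .= "<form method='GET' action='index.php'>\n";
$content .= "<input type='hidden' name='module' value='useradmin' />\n";
$content .= "<input type='hidden' name='action' value='search' />\n";
$content .= "<input type='text' name='search' />\n";
$content .= " <input type='submit' value='" . lang("Search", "useradmin") . "' />\n";
$content .= "</form>\n\n";

// $content .= "<h3>Detailed search</h3>";
// $content .= "Search for users with tickets for a specific event";
} elseif ($action == 'listall' || $action == 'search') {
    // Shared listing view: 'listall' loads every user, 'search' filters by the
    // submitted term. Both paths fill $users for the table rendered below.
    $content .= "<h2>" . lang("List of all users", "useradmin") . "</h2>";
    $content .= "<a href='index.php?module=useradmin'>" . lang("Back to user administration", "useradmin") . "</a>";

    if ($action == "listall") {
        $users = user_getall();
    } else {
        // The term comes straight from the query string. A hand-built URL can omit
        // it or send it as an array, so fall back to '' unless it is a plain scalar.
        $s = (isset($_GET['search']) && is_scalar($_GET['search'])) ? (string) $_GET['search'] : '';

        // The statement is assembled as a string, so db_escape() (defined elsewhere)
        // is the only thing separating the request parameter from the SQL text, and
        // every use of $s below has to stay inside single quotes.
        // NOTE(review): '%' and '_' in the term still act as LIKE wildcards, and an
        // empty term matches every row. Bound parameters would be preferable if the
        // project's db layer offers them — confirm.
        $s = db_escape($s);

        // NOTE(review): SELECT * copies every column of the users table into $users;
        // naming only the columns the table below prints would limit what reaches
        // the rendering code — confirm which fields are needed.
        $qFindUsers = db_query("SELECT * FROM " . $sql_prefix . "_users \n\t\t\tWHERE ID = '{$s}'\n\t\t\tOR nick LIKE '%{$s}%'\n\t\t\tOR firstName LIKE '%{$s}%'\n\t\t\tOR lastName LIKE '%{$s}%'\n\t\t\tOR EMail LIKE '%{$s}%'\n\t\t");

        // Start from an empty list so a search without matches leaves array()
        // behind instead of an undefined variable.
        $users = array();
        while ($rFindUsers = db_fetch($qFindUsers)) {
            $users[] = $rFindUsers;
        } // End while
    } // End else

    // Header row of the result table; the listing continues past this excerpt.
    $content .= "<table class='userlist'>";
    $content .= "<tr>";
    $content .= "<th>" . lang("ID", "useradmin") . "</th>";
    $content .= "<th>" . lang("Username", "useradmin") . "</th>";
    $content .= "<th>" . lang("Firstname", "useradmin") . "</th>";
    $content .= "<th>" . lang("Lastname", "useradmin") . "</th>";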
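// Tail of the search form: the "tickets" scope radio button and the closing markup.
$content .= sprintf("<input type='radio' %s name='scope' value='tickets' /> %s\n", $tickets_checked, _("Search users with tickets"));
$content .= "</td>";
}
$content .= "</tr>\n</table>\n";
$content .= "</form>\n";

// FIXME: this could be done globally and save some typing :-) ($usertable = $sql_prefix."users";)
$usertable = $sql_prefix . "_users";
$ticketstable = $sql_prefix . "_tickets";
$tickettypestable = $sql_prefix . "_ticketTypes";

// $str is the only form in which the search term may enter a query below. The
// statements are built with sprintf(), so db_escape() (defined elsewhere) plus the
// surrounding single quotes are what keep the term out of the SQL syntax.
// NOTE(review): '%' and '_' in the term still act as LIKE wildcards; bound
// parameters would be preferable if the project's db layer offers them — confirm.
$str = db_escape($search);

// Result holders: $userResult is filled by user_getall(), $usersR/$usersC by db_query()/db_num().
$userResult = array();
$usersR = -1;
$usersC = 0;

if ($search == "" or empty($search)) {
    // No search term. NOTE(review): empty() also treats the string "0" as "no term".
    // && binds tighter than ||; the added parentheses only spell out how PHP
    // already groups this condition.
    if ($scope == 'all' || (getModuleConfig('arrival', 'searchAll') && isset($_GET['action']) && $_GET['action'] == 'searchUser')) {
        $userResult = user_getall(array('nick', 'firstName', 'lastName', 'ID'));
    } else {
        // eventID is placed in the statement unquoted, so it is formatted with %d:
        // only an integer can reach the SQL text, whatever the session object holds.
        $usersQ = sprintf("SELECT DISTINCT u.nick as nick, u.firstName as firstName, u.lastName as lastName, u.ID as ID FROM %s as u, %s as t WHERE t.eventID=%d AND t.user=u.ID ORDER BY u.ID", $usertable, $ticketstable, $sessioninfo->eventID);
        $usersR = db_query($usersQ);
        $usersC = db_num($usersR);
    }
} else {
    // NOTE(review): if $scope is taken from the request, scope=all widens the
    // search to every user even when the 'searchAll' module setting is off —
    // confirm that this is intended.
    if (getModuleConfig('arrival', 'searchAll') || $scope == 'all') {
        // Search across the whole users table.
        $usersQ = sprintf("SELECT nick, firstName, lastName, ID FROM %s WHERE ID > 1 AND \n\t\t\t\t(nick LIKE '%%%s%%' OR\n\t\t\t\tfirstName LIKE '%%%s%%' OR\n\t\t\t\tlastName LIKE '%%%s%%' OR\n\t\t\t\tCONCAT(firstName, ' ', lastName) LIKE '%%%s%%' OR\n\t\t\t\tEMail LIKE '%%%s%%') ORDER BY ID\n\t\t\t\t", $usertable, $str, $str, $str, $str, $str);
        $usersR = db_query($usersQ);
        $usersC = db_num($usersR);
    } else {
        // Search limited to users holding a ticket for the current event. eventID
        // uses %d for the same reason as above, and EMail is qualified with the
        // users alias like the other columns so the join cannot make it ambiguous.
        $usersQ = sprintf("SELECT DISTINCT u.nick as nick, u.firstName as firstName, u.lastName as lastName, u.ID as ID FROM %s as u, %s as t WHERE t.eventID=%d AND t.user=u.ID AND \n\t\t\t(u.nick LIKE '%%%s%%' OR\n\t\t\tu.firstName LIKE '%%%s%%' OR\n\t\t\tu.lastName LIKE '%%%s%%' OR\n\t\t\tCONCAT(u.firstName, ' ', u.lastName) LIKE '%%%s%%' OR\n\t\t\tu.EMail LIKE '%%%s%%'\n\t\t\t) ORDER BY u.ID\n\t\t\t", $usertable, $ticketstable, $sessioninfo->eventID, $str, $str, $str, $str, $str);
        $usersR = db_query($usersQ);
        $usersC = db_num($usersR);
    }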