function update_user($user_id)
{
global $conn, $config, $lang;
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
require_once $config['basepath'] . '/include/forms.inc.php';
$forms = new forms();
$display = '';
$do_update = true;
if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) {
$display .= '<p>' . $lang['user_manager_password_identical'] . '</p>';
$do_update = false;
} elseif ($_POST['edit_user_pass'] == '') {
$do_update = true;
}
// end elseif
if ($_POST['user_email'] == '' || $_POST['user_first_name'] == '' || $_POST['user_last_name'] == '') {
$display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>";
$do_update = false;
}
// Get Current User type
$sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
$is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
$is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
$is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']);
$sql_user_email = $misc->make_db_safe($_POST['user_email']);
$sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']);
$sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']);
//Make sure no other user has this email address.
$sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
while (!$recordSet->EOF) {
if ($recordSet->fields['userdb_id'] != $user_id) {
$display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>";
$do_update = false;
}
$recordSet->MoveNext();
}
if ($do_update) {
global $pass_the_form;
if ($is_agent == 'yes' || $is_admin == 'yes') {
$db_to_validate = 'agentformelements';
} else {
$db_to_validate = 'memberformelements';
}
$pass_the_form = $forms->validateForm($db_to_validate);
if (is_array($pass_the_form)) {
// if we're not going to pass it, tell that they forgot to fill in one of the fields
foreach ($pass_the_form as $k => $v) {
if ($v == 'REQUIRED') {
$display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
}
if ($v == 'TYPE') {
$display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
}
}
} else {
$_POST['user_email'] = $misc->make_db_safe($_POST['user_email']);
if ($_POST['edit_user_pass'] == '') {
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
} else {
$md5_user_pass = md5($_POST['edit_user_pass']);
$md5_user_pass = $misc->make_db_safe($md5_user_pass);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_user_password = '******', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id;
}
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
if ($_SESSION['admin_privs'] == 'yes' && $is_admin == 'yes') {
$sql_edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_limit_listings = ' . $sql_edit_limitListings . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
// If Admin is upadting and agent set other fields
if ($_SESSION['admin_privs'] == 'yes' && $is_agent == 'yes') {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']);
$edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']);
$edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']);
$edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']);
$edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']);
$edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']);
$edit_can_view_logs = $misc->make_db_safe($_POST['edit_canViewLogs']);
$edit_can_moderate = $misc->make_db_safe($_POST['edit_canModerate']);
$edit_can_feature_listings = $misc->make_db_safe($_POST['edit_canFeatureListings']);
$edit_can_edit_pages = $misc->make_db_safe($_POST['edit_canPages']);
$edit_can_have_vtours = $misc->make_db_safe($_POST['edit_canVtour']);
$edit_can_have_files = $misc->make_db_safe($_POST['edit_canFiles']);
$edit_can_have_user_files = $misc->make_db_safe($_POST['edit_canUserFiles']);
$edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']);
$sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']);
$sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']);
$sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']);
$sql_userdb_blog_user_type = $misc->make_db_safe($_POST['edit_BlogPrivileges']);
$sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
$sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
$sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET
userdb_active = ' . $edit_is_active . ',
userdb_user_first_name = ' . $edit_first_name . ',
userdb_user_last_name = ' . $edit_last_name . ',
userdb_can_edit_site_config = ' . $edit_canEditSiteConfig . ',
userdb_can_edit_member_template = ' . $edit_canEditMemberTemplate . ',
userdb_can_edit_agent_template = ' . $edit_canEditAgentTemplate . ',
userdb_can_edit_listing_template = ' . $edit_canEditListingTemplate . ',
userdb_can_view_logs = ' . $edit_can_view_logs . ',
userdb_can_moderate = ' . $edit_can_moderate . ',
userdb_can_feature_listings = ' . $edit_can_feature_listings . ',
userdb_can_edit_pages = ' . $edit_can_edit_pages . ',
userdb_can_have_vtours = ' . $edit_can_have_vtours . ',
userdb_can_have_files = ' . $edit_can_have_files . ',
userdb_can_have_user_files = ' . $edit_can_have_user_files . ',
userdb_limit_listings = ' . $edit_limitListings . ',
userdb_can_edit_expiration = ' . $sql_edit_canEditListingExpiration . ',
userdb_can_export_listings = ' . $sql_edit_canExportListings . ',
userdb_can_edit_all_users = ' . $edit_canEditAllUsers . ',
userdb_can_edit_all_listings = ' . $edit_canEditAllListings . ',
userdb_can_edit_property_classes = ' . $sql_edit_canEditPropertyClasses . ',
userdb_can_manage_addons = ' . $sql_edit_canManageAddons . ',
userdb_rank = ' . $sql_edit_userRank . ',
userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ',
userdb_blog_user_type = ' . $sql_userdb_blog_user_type . '
WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
} else {
if (isset($_POST['edit_active'])) {
$edit_is_active = $misc->make_db_safe($_POST['edit_active']);
} else {
$edit_is_active = $misc->make_db_safe('yes');
}
$edit_first_name = $misc->make_db_safe($_POST['user_first_name']);
$edit_last_name = $misc->make_db_safe($_POST['user_last_name']);
$sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name =' . $edit_last_name . ' WHERE userdb_id = ' . $user_id;
$recordSet = $conn->Execute($sql);
if ($recordSet === false) {
$misc->log_error($sql);
}
}
if ($is_active == 'no' && $_POST['edit_active'] == 'yes') {
if ($config['moderate_agents'] == 1 && $is_agent == 'yes' || $config['moderate_members'] == 1 && $is_agent == 'no') {
$message = $_POST['user_first_name'] . ' ' . $_POST['user_last_name'] . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n";
if ($is_agent == 'yes') {
$link = $config['baseurl'] . '/admin/index.php';
} else {
$link = $config['baseurl'] . '/index.php?action=member_login';
}
$message .= $link;
$email = str_replace('\'', '', $_POST['user_email']);
$send = $misc->send_email($config['company_name'], $config['admin_email'], $email, $message, $lang['user_activated_subject']);
}
}
$message = user_managment::updateUserData($user_id);
if ($message == 'success') {
// one has to ensure that the cookie containing the pass is reset
// otherwise, one would have to log out and in again everytime
// an account was updated
if ($_POST['edit_user_pass'] != "" && $_SESSION['userID'] == $user_id) {
$_SESSION['userpassword'] = md5($_POST['edit_user_pass']);
}
$display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>';
} else {
$display .= '<p>' . $lang['alert_site_admin'] . '</p>';
}
// end else
}
// end if $pass_the_form == "Yes"
}
// end else
$misc->log_action($lang['log_updated_user'] . ': ' . $user_id);
return $display;
}
