function update_user($user_id) { global $conn, $config, $lang; require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/forms.inc.php'; $forms = new forms(); $display = ''; $do_update = true; if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) { $display .= '<p>' . $lang['user_manager_password_identical'] . '</p>'; $do_update = false; } elseif ($_POST['edit_user_pass'] == '') { $do_update = true; } // end elseif if ($_POST['user_email'] == '' || $_POST['user_first_name'] == '' || $_POST['user_last_name'] == '') { $display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>"; $do_update = false; } // Get Current User type $sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $user_id; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']); $is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']); $is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']); $sql_user_email = $misc->make_db_safe($_POST['user_email']); $sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']); $sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']); //Make sure no other user has this email address. $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { if ($recordSet->fields['userdb_id'] != $user_id) { $display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>"; $do_update = false; } $recordSet->MoveNext(); } if ($do_update) { global $pass_the_form; if ($is_agent == 'yes' || $is_admin == 'yes') { $db_to_validate = 'agentformelements'; } else { $db_to_validate = 'memberformelements'; } $pass_the_form = $forms->validateForm($db_to_validate); if (is_array($pass_the_form)) { // if we're not going to pass it, tell that they forgot to fill in one of the fields foreach ($pass_the_form as $k => $v) { if ($v == 'REQUIRED') { $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>"; } if ($v == 'TYPE') { $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>"; } } } else { $_POST['user_email'] = $misc->make_db_safe($_POST['user_email']); if ($_POST['edit_user_pass'] == '') { $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id; } else { $md5_user_pass = md5($_POST['edit_user_pass']); $md5_user_pass = $misc->make_db_safe($md5_user_pass); $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $_POST['user_email'] . ', userdb_user_password = '******', userdb_last_modified = ' . $conn->DBTimeStamp(time()) . ' WHERE userdb_id = ' . $user_id; } $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } if ($_SESSION['admin_privs'] == 'yes' && $is_admin == 'yes') { $sql_edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']); $sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']); $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']); $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_limit_listings = ' . $sql_edit_limitListings . ' WHERE userdb_id = ' . $user_id; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } } // If Admin is upadting and agent set other fields if ($_SESSION['admin_privs'] == 'yes' && $is_agent == 'yes') { $edit_is_active = $misc->make_db_safe($_POST['edit_active']); $edit_first_name = $misc->make_db_safe($_POST['user_first_name']); $edit_last_name = $misc->make_db_safe($_POST['user_last_name']); $edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']); $edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']); $edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']); $edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']); $edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']); $edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']); $edit_can_view_logs = $misc->make_db_safe($_POST['edit_canViewLogs']); $edit_can_moderate = $misc->make_db_safe($_POST['edit_canModerate']); $edit_can_feature_listings = $misc->make_db_safe($_POST['edit_canFeatureListings']); $edit_can_edit_pages = $misc->make_db_safe($_POST['edit_canPages']); $edit_can_have_vtours = $misc->make_db_safe($_POST['edit_canVtour']); $edit_can_have_files = $misc->make_db_safe($_POST['edit_canFiles']); $edit_can_have_user_files = $misc->make_db_safe($_POST['edit_canUserFiles']); $edit_limitListings = $misc->make_db_safe($_POST['edit_limitListings']); $sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']); $sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']); $sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']); $sql_userdb_blog_user_type = $misc->make_db_safe($_POST['edit_BlogPrivileges']); $sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']); $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']); $sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']); $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name = ' . $edit_last_name . ', userdb_can_edit_site_config = ' . $edit_canEditSiteConfig . ', userdb_can_edit_member_template = ' . $edit_canEditMemberTemplate . ', userdb_can_edit_agent_template = ' . $edit_canEditAgentTemplate . ', userdb_can_edit_listing_template = ' . $edit_canEditListingTemplate . ', userdb_can_view_logs = ' . $edit_can_view_logs . ', userdb_can_moderate = ' . $edit_can_moderate . ', userdb_can_feature_listings = ' . $edit_can_feature_listings . ', userdb_can_edit_pages = ' . $edit_can_edit_pages . ', userdb_can_have_vtours = ' . $edit_can_have_vtours . ', userdb_can_have_files = ' . $edit_can_have_files . ', userdb_can_have_user_files = ' . $edit_can_have_user_files . ', userdb_limit_listings = ' . $edit_limitListings . ', userdb_can_edit_expiration = ' . $sql_edit_canEditListingExpiration . ', userdb_can_export_listings = ' . $sql_edit_canExportListings . ', userdb_can_edit_all_users = ' . $edit_canEditAllUsers . ', userdb_can_edit_all_listings = ' . $edit_canEditAllListings . ', userdb_can_edit_property_classes = ' . $sql_edit_canEditPropertyClasses . ', userdb_can_manage_addons = ' . $sql_edit_canManageAddons . ', userdb_rank = ' . $sql_edit_userRank . ', userdb_featuredlistinglimit = ' . $sql_edit_limitFeaturedListings . ', userdb_blog_user_type = ' . $sql_userdb_blog_user_type . ' WHERE userdb_id = ' . $user_id; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } } else { if (isset($_POST['edit_active'])) { $edit_is_active = $misc->make_db_safe($_POST['edit_active']); } else { $edit_is_active = $misc->make_db_safe('yes'); } $edit_first_name = $misc->make_db_safe($_POST['user_first_name']); $edit_last_name = $misc->make_db_safe($_POST['user_last_name']); $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active . ', userdb_user_first_name = ' . $edit_first_name . ', userdb_user_last_name =' . $edit_last_name . ' WHERE userdb_id = ' . $user_id; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } } if ($is_active == 'no' && $_POST['edit_active'] == 'yes') { if ($config['moderate_agents'] == 1 && $is_agent == 'yes' || $config['moderate_members'] == 1 && $is_agent == 'no') { $message = $_POST['user_first_name'] . ' ' . $_POST['user_last_name'] . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n"; if ($is_agent == 'yes') { $link = $config['baseurl'] . '/admin/index.php'; } else { $link = $config['baseurl'] . '/index.php?action=member_login'; } $message .= $link; $email = str_replace('\'', '', $_POST['user_email']); $send = $misc->send_email($config['company_name'], $config['admin_email'], $email, $message, $lang['user_activated_subject']); } } $message = user_managment::updateUserData($user_id); if ($message == 'success') { // one has to ensure that the cookie containing the pass is reset // otherwise, one would have to log out and in again everytime // an account was updated if ($_POST['edit_user_pass'] != "" && $_SESSION['userID'] == $user_id) { $_SESSION['userpassword'] = md5($_POST['edit_user_pass']); } $display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>'; } else { $display .= '<p>' . $lang['alert_site_admin'] . '</p>'; } // end else } // end if $pass_the_form == "Yes" } // end else $misc->log_action($lang['log_updated_user'] . ': ' . $user_id); return $display; }