{

global $connection;

global $HeaderString;

global $loginWelcomeMsg;

global $loginStatus;

global $loginLinks;

global $loginEmail;

global $adminLoginEmail;

global $defaultCiteStyle;

global $maximumBrowseLinks;

global $loc; // '$loc' is made globally available in 'core.php'

if ($rowsFound > 0) // If the query has results ...

{

// BEGIN RESULTS HEADER --------------------

// 1) First, initialize some variables that we'll need later on

// Note: In contrast to 'search.php', we don't hide any columns but the user_id column (see below)

// However, in order to maintain a similar code structure to 'search.php' we define $CounterMax here as well & simply set it to 0:

$CounterMax = "0";

// count the number of fields

$fieldsFound = mysql_num_fields($result);

// hide those last columns that were added by the script and not by the user

$fieldsToDisplay = $fieldsFound-(1+$CounterMax); // (1+$CounterMax) -> $CounterMax is increased by 1 in order to hide the user_id column (which was added to make the checkbox work)

// Calculate the number of all visible columns (which is needed as colspan value inside some TD tags)

if ($showLinks == "1")

$NoColumns = (1+$fieldsToDisplay+1); // add checkbox & Links column

else

$NoColumns = (1+$fieldsToDisplay); // add checkbox column

// Note: we omit the results header in print/mobile view! ('viewType=Print' or 'viewType=Mobile')

if (!preg_match("/^(Print|Mobile)$/i", $viewType))

{

// Specify which colums are available in the popup menus of the results header:

$dropDownFieldsArray = array("first_name" => "first_name",

"last_name" => "last_name",

"title" => "title",

"institution" => "institution",

"abbrev_institution" => "abbrev_institution",

"corporate_institution" => "corporate_institution",

"address_line_1" => "address_line_1",

"address_line_2" => "address_line_2",

"address_line_3" => "address_line_3",

"zip_code" => "zip_code",

"city" => "city",

"state" => "state",

"country" => "country",

"phone" => "phone",

"email" => "email",

"url" => "url",

"language" => "language",

"keywords" => "keywords",

"notes" => "notes",

"marked" => "marked",

"last_login" => "last_login",

"logins" => "logins",

"user_id" => "user_id",

"user_groups" => "user_groups",

"created_date" => "created_date",

"created_time" => "created_time",

"created_by" => "created_by",

"modified_date" => "modified_date",

"modified_time" => "modified_time",

"modified_by" => "modified_by"

);

// Extract the first field from the 'WHERE' clause:

if (preg_match("/ WHERE [ ()]*(\w+)/i", $query))

$selectedField = preg_replace("/.+ WHERE [ ()]*(\w+).*/i", "\\1", $query);

else

$selectedField = "last_name"; // in the 'Search within Results" form, we'll select the 'last_name' field by default

// Build a TABLE with forms containing options to show the user groups, refine the search results or change the displayed columns:

// - Build a FORM with a popup containing the user groups:

$formElementsGroup = buildGroupSearchElements("users.php", $queryURL, $query, $showQuery, $showLinks, $showRows, $defaultCiteStyle, "", $displayType); // function 'buildGroupSearchElements()' is defined in 'include.inc.php'

// - Build a FORM containing options to refine the search results:

// Call the 'buildRefineSearchElements()' function (defined in 'include.inc.php') which does the actual work:

$formElementsRefine = buildRefineSearchElements("users.php", $queryURL, $showQuery, $showLinks, $showRows, $defaultCiteStyle, "", $dropDownFieldsArray, $selectedField, $displayType);

// - Build a FORM containing display options (show/hide columns or change the number of records displayed per page):

// Call the 'buildDisplayOptionsElements()' function (defined in 'include.inc.php') which does the actual work:

$formElementsDisplayOptions = buildDisplayOptionsElements("users.php", $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $defaultCiteStyle, "", $dropDownFieldsArray, $selectedField, $fieldsToDisplay, $displayType, "");

echo displayResultsHeader("users.php", $formElementsGroup, $formElementsRefine, $formElementsDisplayOptions, $displayType); // function 'displayResultsHeader()' is defined in 'results_header.inc.php'

}

// and insert a divider line (which separates the results header from the browse links & results data below):

if (!preg_match("/^(Print|Mobile)$/i", $viewType)) // Note: we omit the divider line in print/mobile view! ('viewType=Print' or 'viewType=Mobile')

echo "\n<hr class=\"resultsheader\" align=\"center\" width=\"93%\">";

// Build a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages

// call the 'buildBrowseLinks()' function (defined in 'include.inc.php'):

$BrowseLinks = buildBrowseLinks("users.php", $query, $NoColumns, $rowsFound, $showQuery, $showLinks, $showRows, $rowOffset, $previousOffset, $nextOffset, "1", $maximumBrowseLinks, "sqlSearch", $displayType, $defaultCiteStyle, "", "", "", $viewType); // Note: we set the last 3 fields ('$citeOrder', '$orderBy' & $headerMsg') to "" since they aren't (yet) required here

echo $BrowseLinks;

// Start a FORM

echo "\n<form action=\"users.php\" method=\"GET\" name=\"queryResults\">"

. "\n<input type=\"hidden\" name=\"formType\" value=\"queryResults\">"

. "\n<input type=\"hidden\" name=\"submit\" value=\"Add\">" // provide a default value for the 'submit' form tag (then, hitting <enter> within the 'ShowRows' text entry field will act as if the user clicked the 'Add' button)

. "\n<input type=\"hidden\" name=\"showRows\" value=\"$showRows\">" // embed the current values of '$showRows', '$rowOffset' and the current sqlQuery so that they can be re-applied after the user pressed the 'Add' or 'Remove' button within the 'queryResults' form

. "\n<input type=\"hidden\" name=\"rowOffset\" value=\"$rowOffset\">"

. "\n<input type=\"hidden\" name=\"sqlQuery\" value=\"$queryURL\">";

// And start a TABLE

echo "\n<table id=\"columns\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"95%\" summary=\"This table displays users of this database\">";

// For the column headers, start another TABLE ROW ...

echo "\n<tr>";

// ... print a marker ('x') column (which will hold the checkboxes within the results part)

if (!preg_match("/^(Print|Mobile)$/i", $viewType)) // Note: we omit the marker column in print/mobile view! ('viewType=Print' or 'viewType=Mobile')

echo "\n\t<th align=\"left\" valign=\"top\">&nbsp;</th>";

// for each of the attributes in the result set...

for ($i=0; $i<$fieldsToDisplay; $i++)

{

// ...print out each of the attribute names

// in that row as a separate TH (Table Header)...

$HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">"; // start the table header tag

$HTMLafterLink = "</th>"; // close the table header tag

// call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name

// as well as the URL encoded query with the appropriate ORDER clause:

$tableHeaderLink = buildFieldNameLinks("users.php", $query, "", $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, "1", $defaultCiteStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, "", "", "", $viewType);

echo $tableHeaderLink; // print the attribute name as link

}

if ($showLinks == "1")

{

$newORDER = ("ORDER BY user_id"); // Build the appropriate ORDER BY clause to facilitate sorting by Links column

$HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">"; // start the table header tag

$HTMLafterLink = "</th>"; // close the table header tag

// call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name

// as well as the URL encoded query with the appropriate ORDER clause:

$tableHeaderLink = buildFieldNameLinks("users.php", $query, $newORDER, $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, "1", $defaultCiteStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, $loc["Links"], "user_id", "", $viewType);

echo $tableHeaderLink; // print the attribute name as link

}

// Finish the row

echo "\n</tr>";

// END RESULTS HEADER ----------------------

// display default user

echo "<tr class=\"odd\">";

echo "<td align=\"left\" valign=\"top\" width=\"10\"><input DISABLED type=\"checkbox\"</td>";

echo "<td valign=\"top\"colspan=2>Account options for anyone who isn't logged in</td>";

echo "<td valign=\"top\">-</td><td valign=\"top\">-</td><td valign=\"top\">-</td><td valign=\"top\">-</td>";

echo "<td><a href=\"user_options.php?userID=0". "\"><img src=\"img/options.gif\" alt=\""

. $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a></td>";

echo "</tr>";

// BEGIN RESULTS DATA COLUMNS --------------

for ($rowCounter=0; (($rowCounter < $showRows) && ($row = @ mysql_fetch_array($result))); $rowCounter++)

{

if (is_integer($rowCounter / 2)) // if we currently are at an even number of rows

$rowClass = "even";

else

$rowClass = "odd";

// ... start a TABLE ROW ...

echo "\n<tr class=\"" . $rowClass . "\">";

// ... print a column with a checkbox

if (!preg_match("/^(Print|Mobile)$/i", $viewType)) // Note: we omit the marker column in print/mobile view! ('viewType=Print' or 'viewType=Mobile')

echo "\n\t<td align=\"left\" valign=\"top\" width=\"10\"><input type=\"checkbox\" name=\"marked[]\" value=\"" . $row["user_id"] . "\"></td>";

// ... and print out each of the attributes

// in that row as a separate TD (Table Data)

for ($i=0; $i<$fieldsToDisplay; $i++)

{

// fetch the current attribute name:

$orig_fieldname = getMySQLFieldInfo($result, $i, "name"); // function 'getMySQLFieldInfo()' is defined in 'include.inc.php'

if (preg_match("/^email$/", $orig_fieldname))

echo "\n\t<td valign=\"top\"><a href=\"mailto:" . $row["email"] . "\">" . $row["email"] . "</a></td>";

elseif (preg_match("/^url$/", $orig_fieldname) AND !empty($row["url"]))

echo "\n\t<td valign=\"top\"><a href=\"" . $row["url"] . "\">" . $row["url"] . "</a></td>";

else

echo "\n\t<td valign=\"top\">" . encodeHTML($row[$i]) . "</td>";

}

// embed appropriate links (if available):

if ($showLinks == "1")

{

echo "\n\t<td valign=\"top\">";

echo "\n\t\t<a href=\"user_receipt.php?userID=" . $row["user_id"]

. "\"><img src=\"img/details.gif\" alt=\"" . $loc["details"] . "\" title=\"" . $loc["LinkTitle_ShowDetailsAndOptions"] . "\" width=\"9\" height=\"17\" hspace=\"0\" border=\"0\"></a>&nbsp;&nbsp;";

echo "\n\t\t<a href=\"user_details.php?userID=" . $row["user_id"]

. "\"><img src=\"img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditDetails"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>&nbsp;&nbsp;";

echo "\n\t\t<a href=\"user_options.php?userID=" . $row["user_id"]

. "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>&nbsp;&nbsp;";

$adminUserID = getUserID($adminLoginEmail); // ...get the admin's 'user_id' using his/her 'adminLoginEmail' (function 'getUserID()' is defined in 'include.inc.php')

if ($row["user_id"] != $adminUserID) // we only provide a delete link if this user isn't the admin:

echo "\n\t\t<a href=\"user_receipt.php?userID=" . $row["user_id"] . "&amp;userAction=Delete"

. "\"><img src=\"img/delete.gif\" alt=\"" . $loc["delete"] . "\" title=\"" . $loc["LinkTitle_DeleteUser"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";

echo "\n\t</td>";

}

// Finish the row

echo "\n</tr>";

}

// Then, finish the table

echo "\n</table>";

// END RESULTS DATA COLUMNS ----------------

// BEGIN RESULTS FOOTER --------------------

// Note: we omit the results footer in print/mobile view! ('viewType=Print' or 'viewType=Mobile')

if (!preg_match("/^(Print|Mobile)$/i", $viewType))

{

// Again, insert the (already constructed) BROWSE LINKS

// (i.e., a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages)

echo $BrowseLinks;

// Insert a divider line (which separates the results data from the results footer):

echo "\n<hr class=\"resultsfooter\" align=\"center\" width=\"93%\">";

// Build a TABLE containing rows with buttons which will trigger actions that act on the selected users

// Call the 'buildUserResultsFooter()' function (which does the actual work):

$userResultsFooter = buildUserResultsFooter($NoColumns);

echo $userResultsFooter;

}

// END RESULTS FOOTER ----------------------

// Finally, finish the form

echo "\n</form>";

}

else

{

// Report that nothing was found:

echo "\n<table id=\"error\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table displays users of this database\">"

. "\n<tr>"

. "\n\t<td valign=\"top\">Sorry, but your query didn't produce any results!&nbsp;&nbsp;<a href=\"javascript:history.back()\">Go Back</a></td>"

. "\n</tr>"

. "\n</table>";

}// end if $rowsFound body

{

global $loc; // '$loc' is made globally available in 'core.php'

// Start a TABLE

$userResultsFooterRow = "\n<table class=\"resultsfooter\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table holds the results footer which offers a form to assign selected users to a group and set their permissions\">";

$userResultsFooterRow .= "\n<tr>"

. "\n\t<td align=\"left\" valign=\"top\">"

. "Selected Users:"

. "</td>";

// Admin user groups functionality:

if (!isset($_SESSION['adminUserGroups']))

{

$groupSearchDisabled = " disabled"; // disable the (part of the) 'Add to/Remove from group' form elements if the session variable holding the admin's user groups isn't available

$groupSearchPopupMenuChecked = "";

$groupSearchTextInputChecked = " checked";

$groupSearchSelectorTitle = "(to setup a new group with all selected users, enter a group name to the right, then click the 'Add' button)";

$groupSearchTextInputTitle = "to setup a new group with the selected users, specify the name of the group here, then click the 'Add' button";

}

else

{

$groupSearchDisabled = "";

$groupSearchPopupMenuChecked = " checked";

$groupSearchTextInputChecked = "";

$groupSearchSelectorTitle = "choose the group to which the selected users shall belong (or from which they shall be removed)";

$groupSearchTextInputTitle = "to setup a new group with the selected users, click the radio button to the left &amp; specify the name of the group here, then click the 'Add' button";

}

$userResultsFooterRow .= "\n\t<td align=\"left\" valign=\"top\" colspan=\"" . ($NoColumns - 1) . "\">"

. "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Add\" title=\"add all selected users to the specified group\">&nbsp;"

. "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Remove\" title=\"remove all selected users from the specified group\"$groupSearchDisabled>&nbsp;&nbsp;&nbsp;group:&nbsp;&nbsp;"

. "\n\t\t<input type=\"radio\" name=\"userGroupActionRadio\" value=\"1\" title=\"click here if you want to add (remove) the selected users to (from) an existing group; then, choose the group name from the popup menu to the right\"$groupSearchDisabled$groupSearchPopupMenuChecked>"

. "\n\t\t<select name=\"userGroupSelector\" title=\"$groupSearchSelectorTitle\"$groupSearchDisabled>";

if (!isset($_SESSION['adminUserGroups']))

{

$userResultsFooterRow .= "\n\t\t\t<option>(no groups available)</option>";

}

else

{

$optionTags = buildSelectMenuOptions($_SESSION['adminUserGroups'], "/ *; */", "\t\t\t", false); // build properly formatted <option> tag elements from the items listed in the 'adminUserGroups' session variable

$userResultsFooterRow .= $optionTags;

}

$userResultsFooterRow .= "\n\t\t</select>&nbsp;&nbsp;&nbsp;"

. "\n\t\t<input type=\"radio\" name=\"userGroupActionRadio\" value=\"0\" title=\"click here if you want to setup a new group; then, enter the group name in the text box to the right\"$groupSearchTextInputChecked>"

. "\n\t\t<input type=\"text\" name=\"userGroupName\" value=\"\" size=\"8\" title=\"$groupSearchTextInputTitle\">"

. "\n\t</td>"

. "\n</tr>";

// Set user permissions functionality:

$userResultsFooterRow .= "\n<tr>"

. "\n\t<td align=\"left\" valign=\"top\">&nbsp;</td>"

. "\n\t<td align=\"left\" valign=\"top\" colspan=\"" . ($NoColumns - 1) . "\">"

. "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Allow\" title=\"allow all selected users to use the specified feature\">&nbsp;"

. "\n\t\t<input type=\"submit\" name=\"submit\" value=\"Disallow\" title=\"do not allow the selected users to use the specified feature\">&nbsp;&nbsp;&nbsp;feature:&nbsp;&nbsp;"

. "\n\t\t<select name=\"userPermissionSelector\" title=\"select the permission setting you'd like to change for the selected users\">";

// Map raw field names from table 'user_permissions' with items of the global localization array ('$loc'):

$userPermissionsArray = array('allow_add' => $loc['UserPermission_AllowAdd'],

'allow_edit' => $loc['UserPermission_AllowEdit'],

'allow_delete' => $loc['UserPermission_AllowDelete'],

'allow_download' => $loc['UserPermission_AllowDownload'],

'allow_upload' => $loc['UserPermission_AllowUpload'],

'allow_list_view' => $loc['UserPermission_AllowListView'],

'allow_details_view' => $loc['UserPermission_AllowDetailsView'],

'allow_print_view' => $loc['UserPermission_AllowPrintView'],

// 'allow_browse_view' => $loc['UserPermission_AllowBrowseView'],

'allow_sql_search' => $loc['UserPermission_AllowSQLSearch'],

'allow_user_groups' => $loc['UserPermission_AllowUserGroups'],

'allow_user_queries' => $loc['UserPermission_AllowUserQueries'],

'allow_rss_feeds' => $loc['UserPermission_AllowRSSFeeds'],

'allow_import' => $loc['UserPermission_AllowImport'],

'allow_export' => $loc['UserPermission_AllowExport'],

'allow_cite' => $loc['UserPermission_AllowCite'],

'allow_batch_import' => $loc['UserPermission_AllowBatchImport'],

'allow_batch_export' => $loc['UserPermission_AllowBatchExport'],

'allow_modify_options' => $loc['UserPermission_AllowModifyOptions']);

// 'allow_edit_call_number' => $loc['UserPermission_AllowEditCallNumber']);

$optionTags = buildSelectMenuOptions($userPermissionsArray, "//", "\t\t\t", true); // build properly formatted <option> tag elements from the items listed in the '$userPermissionsArray' variable

$userResultsFooterRow .= $optionTags;

$userResultsFooterRow .= "\n\t\t</select>"

. "\n\t</td>"

. "\n</tr>";

// Finish the table:

$userResultsFooterRow .= "\n</table>";

return $userResultsFooterRow;

{

global $tableUsers; // defined in 'db.inc.php'

if (!empty($sqlQuery)) // if there's a previous SQL query available

{

// use the custom set of colums chosen by the user:

$query = "SELECT " . extractSELECTclause($sqlQuery); // function 'extractSELECTclause()' is defined in 'include.inc.php'

// user the custom ORDER BY clause chosen by the user:

$queryOrderBy = extractORDERBYclause($sqlQuery); // function 'extractORDERBYclause()' is defined in 'include.inc.php'

}

else

{

$query = "SELECT first_name, last_name, abbrev_institution, email, last_login, logins, user_id"; // use the default SELECT statement

$queryOrderBy = "last_login DESC, last_name, first_name"; // add the default ORDER BY clause

}

$groupSearchSelector = $_REQUEST['groupSearchSelector']; // extract the user group chosen by the user

$query .= ", user_id"; // add 'user_id' column (although it won't be visible the 'user_id' column gets included in every search query)

// (which is required in order to obtain unique checkbox names as well as for use in the 'getUserID()' function)

$query .= " FROM $tableUsers"; // add FROM clause

$query .= " WHERE user_groups RLIKE " . quote_smart("(^|.*;) *" . $groupSearchSelector . " *(;.*|$)"); // add WHERE clause

$query .= " ORDER BY " . $queryOrderBy; // add ORDER BY clause

return $query;

{

global $tableUsers; // defined in 'db.inc.php'

$userGroupActionRadio = $_REQUEST['userGroupActionRadio']; // extract user option whether we're supposed to process an existing group name or any custom/new group name that was specified by the user

// Extract the chosen user group from the request:

// first, we need to check whether the user did choose an existing group name from the popup menu

// -OR- if he/she did enter a custom group name in the text entry field:

if ($userGroupActionRadio == "1") // if the user checked the radio button next to the group popup menu ('userGroupSelector') [this is the default]

{

if (isset($_REQUEST['userGroupSelector']))

$userGroup = $_REQUEST['userGroupSelector']; // extract the value of the 'userGroupSelector' popup menu

else

$userGroup = "";

}

else // $userGroupActionRadio == "0" // if the user checked the radio button next to the group text entry field ('userGroupName')

{

if (isset($_REQUEST['userGroupName']))

$userGroup = $_REQUEST['userGroupName']; // extract the value of the 'userGroupName' text entry field

else

$userGroup = "";

}

// extract the specified permission setting:

if (isset($_REQUEST['userPermissionSelector']))

$userPermission = $_REQUEST['userPermissionSelector']; // extract the value of the 'userPermissionSelector' popup menu

else

$userPermission = "";

if (!empty($recordSerialsArray))

{

if (preg_match("/^(Add|Remove)$/", $displayType)) // (hitting <enter> within the 'userGroupName' text entry field will act as if the user clicked the 'Add' button)

{

modifyUserGroups($tableUsers, $displayType, $recordSerialsArray, "", $userGroup); // add (remove) selected records to (from) the specified user group (function 'modifyUserGroups()' is defined in 'include.inc.php')

}

elseif (preg_match("/^(Allow|Disallow)$/", $displayType))

{

if ($displayType == "Allow")

$userPermissionsArray = array("$userPermission" => "yes");

else // ($displayType == "Disallow")

$userPermissionsArray = array("$userPermission" => "no");

// Update the specified user permission for the current user:

$updateSucceeded = updateUserPermissions($recordSerialsArray, $userPermissionsArray); // function 'updateUserPermissions()' is defined in 'include.inc.php'

if ($updateSucceeded) // save an informative message:

$HeaderString = returnMsg("User permission <code>$userPermission</code> was updated successfully!", "", "", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php'

else // return an appropriate error message:

$HeaderString = returnMsg("User permission <code>$userPermission</code> could not be updated!", "warning", "strong", "HeaderString");

}

}

// re-assign the correct display type if the user clicked the 'Add', 'Remove', 'Allow' or 'Disallow' button of the 'queryResults' form:

$displayType = $originalDisplayType;

// re-apply the current sqlQuery:

$query = preg_replace("/ FROM $tableUsers/i",", user_id FROM $tableUsers",$sqlQuery); // add 'user_id' column (which is required in order to obtain unique checkbox names)

return array($query, $displayType);