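/**
 * Applies the edits submitted for a user: display name, password and roles.
 *
 * The users_profile row is updated through a prepared statement (the
 * original interpolated the submitted name straight into the SQL string);
 * password and role changes are delegated to usertools::setPassword() and
 * usertools::setRole(), whose storage details are not visible here.
 *
 * @param int   $oldUserId  id of the user being edited
 * @param array $editUser   a post-variable which contains a user..
 *                          working var-names:
 *                          password = cleartext-password<br />
 *                          name = the name of the user..<br />
 *                          username = the username<br />
 *                          role_* = one key per selected role; the values are collected
 *                          and handed to usertools::setRole()
 * @param PDO   $connection
 *
 * @throws RuntimeException when the profile UPDATE cannot be prepared
 */
public static function editUser($oldUserId, $editUser, $connection)
{
    // Nothing submitted: nothing to do. Returning here also avoids the
    // original's read of an undefined $changes when $editUser was empty.
    if (empty($editUser)) {
        return;
    }

    $fakeOldUser = usertools::getAlienUserbyId($oldUserId, $connection);

    // "column = ?" fragments for users_profile and the values bound to them.
    $assignments = array();
    $params = array();

    // Every role_<n> key of the submitted form carries one selected role.
    // They are read from $editUser (the array the caller passed) instead of
    // from $_POST, so the method depends only on its arguments.
    $getUsedRoles = array();
    foreach ($editUser as $key => $value) {
        if (substr((string) $key, 0, 5) === 'role_') {
            $getUsedRoles[] = $value;
        }
    }

    // Display name. The original guarded this branch on the role and username
    // fields, so a changed name alone was never written; it now keys on the
    // submitted name itself.
    if (isset($editUser['name'])) {
        $assignments[] = 'name = ?';
        $params[] = $editUser['name'];

        // Keep the logged-in user's session object in sync when editing oneself.
        if (isset($_SESSION['user']) && $_SESSION['user']->getId() == $oldUserId) {
            $_SESSION['user']->setName($editUser['name']);
        }
    }

    // Password: only rewrite it when the submitted cleartext hashes to
    // something different from the stored value.
    // NOTE(review): this computes an unsalted hash($GLOBALS['password_hash'], cleartext)
    // and assumes usertools::setPassword() stores the same form — confirm there.
    if (!empty($editUser['password'])) {
        $password = hash($GLOBALS['password_hash'], $editUser['password']);
        // Strict comparison: a loose != between two numeric-looking hex strings
        // could compare them as numbers.
        if ($fakeOldUser->getPassword() !== $password) {
            usertools::setPassword($fakeOldUser->getUsername(), $editUser['password'], $connection);
        }
    }

    // Roles are always re-synchronised from the submitted role_* values.
    usertools::setRole($fakeOldUser, $getUsedRoles, $connection);

    // Issue the UPDATE only when there is a column to set: the original ran
    // "UPDATE users_profile SET WHERE ..." (invalid SQL) whenever no column changed,
    // because $changes was forced to true after setRole().
    if (!empty($assignments)) {
        $sql = 'UPDATE users_profile SET ' . implode(', ', $assignments)
            . ' WHERE user_profile_id = ?';
        $statement = $connection->prepare($sql);
        if ($statement === false) {
            // PDO in silent error mode returns false instead of throwing.
            $errorInfo = $connection->errorInfo();
            throw new RuntimeException('Could not prepare users_profile update: ' . implode(' ', $errorInfo));
        }
        $params[] = $fakeOldUser->getId();
        $statement->execute($params);
    }
}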
case "edit": $template->assign("allcss", array("js/dojo/dojox/editor/plugins/resources/css/Preview.css", "js/dojo/dojox/form/resources/FileUploader.css", "js/dojo/dojox/editor/plugins/resources/css/FindReplace.css")); $template->assign("onLoadCode", 'dojo.connect(customfieldList,"onDndDrop",function(e){updateCustomfieldList()});'); $template->assign("dojorequire", array("dojo.dnd.Source", "dojox.editor.plugins.Preview", "dojox.editor.plugins.FindReplace")); if (isset($_POST)) { usertools::editUser($user->getId(), $_POST, $connection); } if (isset($_GET['editId'])) { $template->assign("editCustomField", $user->getCustomfieldById($_GET['editId'])); } $template->assign("customfields", $user->getCustomfields($connection)); $template->assign("roles", $user->getRoles()); $template->assign("username", $user->getUsername()); $template->display('profile_edit.tpl'); break; default: if (isset($_GET['userid']) && usertools::userIdExists($_GET['userid'], $connection) && $_GET['userid'] != $user->getId()) { $user = usertools::getAlienUserbyId($_GET['userid'], $connection); } elseif (isset($_GET['userid']) && $_GET['userid'] == -1) { $user = new alienuser(); $user->setId(-1); $user->setUsername("Guest"); } else { $template->assign("own", true); $template->assign("roles", $user->getRoles()); } $template->assign("customfields", $user->getCustomfields($connection)); $template->assign("username", $user->getUsername()); $template->display("profile.tpl"); break; }