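//domain column header; the condition that wraps this line opens above this excerpt
	echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, '', '', $param);
}

//remaining column headers
echo th_order_by('username', $text['label-username'], $order_by, $order);
echo "<th>" . $text['label-groups'] . "</th>\n";
echo th_order_by('user_enabled', $text['label-enabled'], $order_by, $order, '', '', $param);

//add-user control: shown only with the user_add permission, and only while the
//configured user limit is empty or has not been reached yet
echo "<td class='list_control_icons'>";
if (permission_exists('user_add')) {
	if ($_SESSION['limit']['users']['numeric'] == '' || $total_users < $_SESSION['limit']['users']['numeric']) {
		echo "<a href='signup.php' alt='" . $text['button-add'] . "'>" . $v_link_label_add . "</a>";
	}
}
echo "</td>\n";
echo "</tr>\n";

//one table row per user
if ($user_count > 0) {
	foreach ($users as $row) {
		if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) {
			//hide superadmin accounts from viewers who are not superadmins themselves
		} else {
			//the user id is url-encoded before it is placed in the query string of the edit link
			$tr_link = permission_exists('user_edit') ? "href='usersupdate.php?id=" . urlencode($row['user_uuid']) . "'" : null;
			echo "<tr " . $tr_link . ">\n";
			if (permission_exists('user_all') && $_GET['showall'] == 'true') {
				//the domain name is output-encoded so that stored markup is rendered as text
				echo "\t<td valign='top' class='" . $row_style[$c] . "'>" . htmlspecialchars($_SESSION['domains'][$row['domain_uuid']]['domain_name'], ENT_QUOTES, 'UTF-8') . "</td>\n";
			}
			echo "\t<td valign='top' class='" . $row_style[$c] . "'>";
			//the username is read back from the user list and written into the page;
			//it is output-encoded so a stored value containing HTML is shown literally
			//instead of being interpreted by the browser of whoever views the list
			if (permission_exists('user_edit')) {
				echo "<a href='usersupdate.php?id=" . urlencode($row['user_uuid']) . "'>" . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . "</a>";
			} else {
				echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
			}
			echo "\t</td>\n";
			//groups column; its content continues below this excerpt
			echo "\t<td valign='top' class='" . $row_style[$c] . "'>";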
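//only callers holding one of the user management permissions, or superadmins, may continue
	if (!(permission_exists("user_add") || permission_exists("user_edit") || permission_exists("user_delete") || if_group("superadmin"))) {
		echo "access denied";
		return;
	}

//add multi-lingual support
	$language = new text();
	$text = $language->get();

//get the user id from the request
	//NOTE(review): the id is taken from $_REQUEST without validation; when no id is supplied
	//$user_uuid is not set by this block and the checks below run on an undefined value - confirm
	//the intended handling and consider rejecting anything that is not a well-formed id
	if (strlen($_REQUEST["id"]) > 0) {
		$user_uuid = $_REQUEST["id"];
	}

//required to be a superadmin to update an account that is a member of the superadmin group
	$superadmins = superadmin_list($db);
	if (if_superadmin($superadmins, $user_uuid) && !if_group("superadmin")) {
		echo "access denied";
		exit;
	}

//delete the group from the user
	//NOTE(review): this state change is triggered by a GET request and no anti-CSRF token check
	//is visible in this excerpt - confirm one exists, or move the action to a POST carrying a token
	if ($_GET["a"] == "delete" && permission_exists("user_delete")) {
		//set the variables
			//check_str() is a project helper not shown here; it is kept as in the original
			$group_uuid = check_str($_GET["group_uuid"]);
		//delete the group from the users
			//both ids are bound as parameters rather than concatenated into the statement,
			//because $user_uuid arrives straight from the request and must never become SQL text
			//NOTE(review): assumes $db is a PDO connection and that check_sql() passes
			//named placeholders through unchanged - confirm
			$sql = "delete from v_group_users where 1 = 1 ";
			$sql .= "and group_uuid = :group_uuid ";
			$sql .= "and user_uuid = :user_uuid ";
			$prep_statement = $db->prepare(check_sql($sql));
			if ($prep_statement) {
				$prep_statement->execute(array(':group_uuid' => $group_uuid, ':user_uuid' => $user_uuid));
			}
			unset($prep_statement);
		//redirect the user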
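//determine the domain the user belongs to
	//with the user_domain permission the domain is looked up from the user record,
	//otherwise the domain of the current session is used
	if (permission_exists('user_domain')) {
		//$user_uuid is assigned above this excerpt; it is bound as a parameter so that
		//its content can never change the structure of the statement
		//NOTE(review): check_sql() is a project helper not shown here - confirm it passes
		//named placeholders through unchanged
		$sql = "select domain_uuid from v_users ";
		$sql .= "where user_uuid = :user_uuid ";
		$prep_statement = $db->prepare(check_sql($sql));
		$prep_statement->execute(array(':user_uuid' => $user_uuid));
		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
		//iterate by value: the original looped by reference and left $row bound to the last element
		foreach ($result as $row) {
			$domain_uuid = $row["domain_uuid"];
		}
		unset($prep_statement);
	} else {
		$domain_uuid = $_SESSION['domain_uuid'];
	}

//required to be a superadmin to delete a member of the superadmin group
	$superadmin_list = superadmin_list($db);
	if (if_superadmin($superadmin_list, $user_uuid) && !if_group("superadmin")) {
		//access denied - do not delete the user
		header("Location: index.php");
		return;
	}

//delete the user settings
	$sql = "delete from v_user_settings ";
	$sql .= "where user_uuid = :user_uuid ";
	$sql .= "and domain_uuid = :domain_uuid ";
	$prep_statement = $db->prepare($sql);
	//PDO::exec() returns the number of affected rows, so the original check also treated
	//"nothing to delete" as a failure; only a real prepare or execute failure is handled here
	if ($prep_statement === false || $prep_statement->execute(array(':user_uuid' => $user_uuid, ':domain_uuid' => $domain_uuid)) === false) {
		$info = ($prep_statement === false) ? $db->errorInfo() : $prep_statement->errorInfo();
		//the driver error goes to the server log instead of being printed into the page,
		//so database details are not disclosed to the browser
		error_log(print_r($info, true));
	}
	unset($prep_statement);

//delete the groups the user is assigned to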