function edit()
{
$id = WebApp::post('id') === NULL ? '' : intval(WebApp::post('id'));
$this->parent->parent->debug($id);
if (!is_int($id)) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>User ID must be an integer</code>', B_T_FAIL);
}
if ($id == $this->parent->parent->user->getUserID() && !$this->parent->inGroup(1)) {
$this->parent->parent->logEvent($this::name_space, 'Attempted to edit themself');
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot edit yourself</code>', B_T_FAIL);
}
$f_name = WebApp::post('f_name') === NULL ? '' : WebApp::post('f_name');
$s_name = WebApp::post('s_name') === NULL ? '' : WebApp::post('s_name');
$username = WebApp::post('username') === NULL ? '' : WebApp::post('username');
$email = WebApp::post('email') === NULL ? '' : WebApp::post('email');
$n_pwd = WebApp::post('n_pwd') === NULL ? '' : WebApp::post('n_pwd');
$n_pwd_c = WebApp::post('c_pwd') === NULL ? '' : WebApp::post('c_pwd');
$chgPwd = WebApp::post('chgPwd') === NULL ? '' : WebApp::post('chgPwd');
$enabled = WebApp::post('enabled') === NULL ? false : WebApp::post('enabled');
$p_group = WebApp::post('p_group') === NULL ? 3 : WebApp::post('p_group');
$s_groups = WebApp::post('s_group') === NULL ? array() : strgetcsv(WebApp::post('s_group'));
if ($f_name == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>First Name must not be blank</code>', B_T_FAIL);
}
if ($s_name == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Surname must not be blank</code>', B_T_FAIL);
}
if ($username == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Username must not be blank</code>', B_T_FAIL);
}
if ($email == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Email must not be blank</code>', B_T_FAIL);
}
if ($chgPwd == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Change Password must not be blank</code>', B_T_FAIL);
}
if ($enabled == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Enabled must not be blank</code>', B_T_FAIL);
}
if ($p_group == '') {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>Primary Group must not be blank</code>', B_T_FAIL);
}
if ($this->parent->inGroup(2, false) && $p_group == 1) {
$this->parent->parent->logEvent($this::name_space, 'Tried to make "' . $username . '" a Super Admin');
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot escalate privileges</code>', B_T_FAIL);
}
if ($this->parent->parent->user->getUserID() == $id && $enabled == false) {
$this->parent->parent->logEvent($this::name_space, 'Tried to disable themself');
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot disable yourself</code>', B_T_FAIL);
}
if ($n_pwd != $n_pwd_c) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>New passwords must match, or both be empty</code>', B_T_FAIL);
}
$clear_sgroup = $this->mySQL_w->prepare("DELETE FROM `core_sgroup` WHERE `user`=?");
$update_sgroup = $this->mySQL_w->prepare("INSERT INTO `core_sgroup` (`user`, `group`) VALUES (?, ?)");
if ($clear_sgroup === false) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
}
if ($update_sgroup === false) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
}
if ($n_pwd != '') {
$userCtrl = $this->parent->parent->user;
$hash = $userCtrl->ranHash();
$new_pwd = $userCtrl->pwd_hash($n_pwd, $hash) . ':' . $hash;
$update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=?,`pass`=?, `pwd_reset`=`pwd_reset`+1 WHERE `id`=? AND `username`=?");
if ($update === false) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
}
$update->bind_param('sssiiisis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $new_pwd, $id, $username);
} else {
$update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=? WHERE `id`=? AND `username`=?");
if ($update === false) {
return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
}
$update->bind_param('sssiiiis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $id, $username);
}
$clear_sgroup->bind_param('i', $id);
$update_sgroup->bind_param('ii', $id, $sgroup);
$clear_sgroup->execute();
if (count($s_groups) != 0) {
foreach ($s_groups as $sgroup) {
$this->parent->parent->debug($sgroup);
$update_sgroup->bind_param('ii', $id, $sgroup);
$update_sgroup->execute();
}
}
if ($n_pwd != '') {
$mail = new Emailer();
$mail->Subject = 'Password Changed';
$mail->msgHTML(UserEmail::adminPasswordChange($f_name)['html']);
$mail->AltBody = UserEmail::adminPasswordChange($f_name)['text'];
$mail->addAddress($email, $f_name . ' ' . $s_name);
$mail->send();
}
$update->execute();
$update->store_result();
$this->parent->parent->logEvent($this::name_space, 'Edited user "' . $username . '"');
return new ActionResult($this, '/admin/user/user_view', 1, 'User was edited.', B_T_SUCCESS, array('form' => array('n_pwd' => '', 'c_pwd' => '')));
}