Exemplo n.º 1
    $result = $result->fetchArray();
if (!isset($result) || empty($result)) {
    // If system was reloaded and MachineSelfID no longer matches but there is existing IP or MAC address claim against it
    // XXX dropped LastIP = :ip_address OR
    $stmt = phoromatic_server::$db->prepare('SELECT Title, SystemID, Groups, State, MaintenanceMode, LastCommunication FROM phoromatic_systems WHERE AccountID = :account_id AND NetworkMAC = :network_mac');
    $stmt->bindValue(':account_id', ACCOUNT_ID);
    $stmt->bindValue(':ip_address', $_SERVER['REMOTE_ADDR']);
    $stmt->bindValue(':network_mac', $NETWORK_CLIENT_MAC);
    $result = $stmt->execute();
    $result = $result->fetchArray();
if (empty($result)) {
    do {
        $system_id = pts_strings::random_characters(5, true);
        $matching_system = phoromatic_server::$db->querySingle('SELECT AccountID FROM phoromatic_systems WHERE SystemID = \'' . $system_id . '\'');
    } while (!empty($matching_system));
    $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_systems (AccountID, SystemID, Hardware, Software, ClientVersion, GSID, CurrentTask, CreatedOn, LastCommunication, LastIP, LocalIP, Title, State, MachineSelfID, CoreVersion) VALUES (:account_id, :system_id, :client_hardware, :client_software, :client_version, :gsid, \'Awaiting Authorization\', :current_time, :current_time, :access_ip, :local_ip, :title, 0, :machine_self_id, :core_version)');
    $stmt->bindValue(':account_id', $ACCOUNT_ID);
    $stmt->bindValue(':system_id', $system_id);
    $stmt->bindValue(':client_hardware', $CLIENT_HARDWARE);
    $stmt->bindValue(':client_software', $CLIENT_SOFTWARE);
    $stmt->bindValue(':client_version', $CLIENT_VERSION);
    $stmt->bindValue(':gsid', $GSID);
    $stmt->bindValue(':access_ip', $_SERVER['REMOTE_ADDR']);
    $stmt->bindValue(':local_ip', $LOCAL_IP);
    $stmt->bindValue(':title', $HOSTNAME);
    $stmt->bindValue(':current_time', phoromatic_server::current_time());
    $stmt->bindValue(':machine_self_id', $PTS_MACHINE_SELF_ID);
    $stmt->bindValue(':core_version', $CLIENT_CORE_VERSION);
    public static function render_page_process($PATH)
        $is_new = true;
        if (!empty($PATH[0]) && is_numeric($PATH[0])) {
            $stmt = phoromatic_server::$db->prepare('SELECT * FROM phoromatic_schedules WHERE AccountID = :account_id AND ScheduleID = :schedule_id');
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $stmt->bindValue(':schedule_id', $PATH[0]);
            $result = $stmt->execute();
            $e_schedule = $result->fetchArray();
            if (!empty($e_schedule)) {
                $is_new = false;
        if (isset($_POST['schedule_title']) && !empty($_POST['schedule_title'])) {
            $title = phoromatic_get_posted_var('schedule_title');
            $description = phoromatic_get_posted_var('schedule_description');
            $pre_install_context = phoromatic_get_posted_var('pre_install_set_context');
            $post_install_context = phoromatic_get_posted_var('post_install_set_context');
            $pre_run_context = phoromatic_get_posted_var('pre_run_set_context');
            $post_run_context = phoromatic_get_posted_var('post_run_set_context');
            $system_all = phoromatic_get_posted_var('system_all');
            $run_target_systems = phoromatic_get_posted_var('run_on_systems', array());
            $run_target_groups = phoromatic_get_posted_var('run_on_groups', array());
            if (!is_array($run_target_systems)) {
                $run_target_systems = array();
            if (!is_array($run_target_groups)) {
                $run_target_groups = array();
            $run_target_systems = implode(',', $run_target_systems);
            $run_target_groups = implode(',', $run_target_groups);
            $schedule_hour = phoromatic_get_posted_var('schedule_hour');
            $schedule_minute = phoromatic_get_posted_var('schedule_minute');
            $days_active = phoromatic_get_posted_var('days_active');
            $context_files = array('SetContextPreInstall' => 'pre_install_set_context', 'SetContextPostInstall' => 'post_install_set_context', 'SetContextPreRun' => 'pre_run_set_context', 'SetContextPostRun' => 'post_run_set_context');
            foreach ($context_files as $i => $context) {
                ${$context} = $is_new ? null : $e_schedule[$i];
            foreach ($context_files as $context) {
                ${$context} = null;
                if ($_FILES[$context]['error'] == 0 && $_FILES[$context]['size'] > 0) {
                    $sha1_hash = sha1_file($_FILES[$context]['tmp_name']);
                    if (!is_file(phoromatic_server::phoromatic_account_path($_SESSION['AccountID']) . 'context_' . $sha1_hash)) {
                        move_uploaded_file($_FILES[$context]['tmp_name'], phoromatic_server::phoromatic_account_path($_SESSION['AccountID']) . 'context_' . $sha1_hash);
                    ${$context} = $sha1_hash;
            // TODO XXX: Validation of input
            // Need a unique schedule ID
            if ($is_new) {
                do {
                    $schedule_id = rand(10, 9999);
                    $matching_schedules = phoromatic_server::$db->querySingle('SELECT ScheduleID FROM phoromatic_schedules WHERE AccountID = \'' . $_SESSION['AccountID'] . '\' AND ScheduleID = \'' . $schedule_id . '\'');
                } while (!empty($matching_schedules));
                // Need a unique public ID
                do {
                    $public_key = pts_strings::random_characters(12, true);
                    $matching_schedules = phoromatic_server::$db->querySingle('SELECT ScheduleID FROM phoromatic_schedules WHERE AccountID = \'' . $_SESSION['AccountID'] . '\' AND PublicKey = \'' . $public_key . '\'');
                } while (!empty($matching_schedules));
            } else {
                $schedule_id = $e_schedule['ScheduleID'];
                $public_key = $e_schedule['PublicKey'];
            // Add schedule
            $stmt = phoromatic_server::$db->prepare('INSERT OR REPLACE INTO phoromatic_schedules (AccountID, ScheduleID, Title, Description, State, ActiveOn, RunAt, SetContextPreInstall, SetContextPostInstall, SetContextPreRun, SetContextPostRun, LastModifiedBy, LastModifiedOn, PublicKey, RunTargetGroups, RunTargetSystems) VALUES (:account_id, :schedule_id, :title, :description, :state, :active_on, :run_at, :context_pre_install, :context_post_install, :context_pre_run, :context_post_run, :modified_by, :modified_on, :public_key, :run_target_groups, :run_target_systems)');
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $stmt->bindValue(':schedule_id', $schedule_id);
            $stmt->bindValue(':title', $title);
            $stmt->bindValue(':description', $description);
            $stmt->bindValue(':state', 1);
            $stmt->bindValue(':active_on', implode(',', $days_active));
            $stmt->bindValue(':run_at', $schedule_hour . '.' . $schedule_minute);
            $stmt->bindValue(':context_pre_install', $pre_install_set_context);
            $stmt->bindValue(':context_post_install', $post_install_set_context);
            $stmt->bindValue(':context_pre_run', $pre_run_set_context);
            $stmt->bindValue(':context_post_run', $post_run_set_context);
            $stmt->bindValue(':modified_by', $_SESSION['UserName']);
            $stmt->bindValue(':modified_on', phoromatic_server::current_time());
            $stmt->bindValue(':public_key', $public_key);
            $stmt->bindValue(':run_target_groups', $run_target_groups);
            $stmt->bindValue(':run_target_systems', $run_target_systems);
            $result = $stmt->execute();
            phoromatic_add_activity_stream_event('schedule', $schedule_id, $is_new ? 'added' : 'modified');
            if ($result) {
                header('Location: ?schedules/' . $schedule_id);
        echo phoromatic_webui_header_logged_in();
        $main = '
		<hr />
		<h2>' . ($is_new ? 'Create' : 'Edit') . ' A Schedule</h2>
		<p>A test schedule is used to facilitate automatically running a set of test(s)/suite(s) on either a routine timed basis or whenever triggered by an external script or process, e.g. Git/VCS commit, manually triggered, etc.</p>';
        $main .= '<form action="' . $_SERVER['REQUEST_URI'] . '" name="add_test" id="add_test" method="post" enctype="multipart/form-data" onsubmit="return validate_schedule();">
		<p><input type="text" name="schedule_title" value="' . (!$is_new ? $e_schedule['Title'] : null) . '" /></p>
		<h3><sup>1</sup> Pre-Install Set Context Script:</h3>
		<p><input type="file" name="pre_install_set_context" /></p>
		<h3><sup>1</sup> Post-Install Set Context Script:</h3>
		<p><input type="file" name="post_install_set_context" /></p>
		<h3><sup>1</sup> Pre-Run Set Context Script:</h3>
		<p><input type="file" name="pre_run_set_context" /></p>
		<h3><sup>1</sup>Post-Run Set Context Script:</h3>
		<p><input type="file" name="post_run_set_context" /></p>
		<h3>System Targets:</h3>
        $stmt = phoromatic_server::$db->prepare('SELECT Title, SystemID FROM phoromatic_systems WHERE AccountID = :account_id AND State >= 0 ORDER BY Title ASC');
        $stmt->bindValue(':account_id', $_SESSION['AccountID']);
        $result = $stmt->execute();
        if (!$is_new) {
            $e_schedule['RunTargetSystems'] = explode(',', $e_schedule['RunTargetSystems']);
            $e_schedule['RunTargetGroups'] = explode(',', $e_schedule['RunTargetGroups']);
        if ($row = $result->fetchArray()) {
            $main .= '<h4>Systems: ';
            do {
                $main .= '<input type="checkbox" name="run_on_systems[]" value="' . $row['SystemID'] . '" ' . (!$is_new && in_array($row['SystemID'], $e_schedule['RunTargetSystems']) ? 'checked="checked" ' : null) . '/> ' . $row['Title'] . ' ';
            } while ($row = $result->fetchArray());
            $main .= '</h4>';
        $stmt = phoromatic_server::$db->prepare('SELECT GroupName FROM phoromatic_groups WHERE AccountID = :account_id ORDER BY GroupName ASC');
        $stmt->bindValue(':account_id', $_SESSION['AccountID']);
        $result = $stmt->execute();
        if ($row = $result->fetchArray()) {
            $main .= '<h4>Groups: ';
            do {
                $main .= '<input type="checkbox" name="run_on_groups[]" value="' . $row['GroupName'] . '" ' . (!$is_new && in_array($row['GroupName'], $e_schedule['RunTargetGroups']) ? 'checked="checked" ' : null) . '/> ' . $row['GroupName'] . ' ';
            } while ($row = $result->fetchArray());
            $main .= '</h4>';
        $main .= '</p>
		<p><textarea name="schedule_description" id="schedule_description" cols="50" rows="3">' . (!$is_new ? $e_schedule['Description'] : null) . '</textarea></p>
		<table class="pts_phoromatic_schedule_type">
  <td><h3>Time-Based Testing</h3><em>Time-based testing allows tests to automatically commence at a given time on a defined cycle each day/week. This option is primarly aimed for those wishing to run a set of benchmarks every morning or night or at another defined period.</em></td>
  <td><h3>Run Time:</h3>
			<p><select name="schedule_hour" id="schedule_hour">';
        if (!$is_new) {
            $run_at = explode('.', $e_schedule['RunAt']);
            $days_active = !empty($e_schedule['ActiveOn']) ? explode(',', $e_schedule['ActiveOn']) : array();
        for ($i = 0; $i <= 23; $i++) {
            $i_f = strlen($i) == 1 ? '0' . $i : $i;
            $main .= '<option value="' . $i_f . '"' . (!$is_new && $run_at[0] == $i ? 'selected="selected" ' : null) . '>' . $i_f . '</option>';
        $main .= '</select> <select name="schedule_minute" id="schedule_minute">';
        for ($i = 0; $i < 60; $i += 10) {
            $i_f = strlen($i) == 1 ? '0' . $i : $i;
            $main .= '<option value="' . $i_f . '"' . (!$is_new && $run_at[1] == $i ? 'selected="selected" ' : null) . '>' . $i_f . '</option>';
        $main .= '</select><h3>Active On:</h3><p>';
        $week = array('Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday');
        foreach ($week as $index => $day) {
            $main .= '<input type="checkbox" name="days_active[]" value="' . $index . '"' . (!$is_new && in_array($index, $days_active) ? 'checked="checked" ' : null) . '/> ' . $day;
        $main .= '</p></td>
  <td><h3>Trigger-Based Testing</h3><em>To carry out trigger-based testing, you can simply have an external process/script trigger (&quot;ping&quot;) a specialized URL whenever an event occurs to commence a new round of testing. This is the most customizable approach to having Phoromatic run tests on a system if you wish to have it occur whenever a Git/SVN commit takes place or other operations.</em></td>
  <td><h3>Once creating the test schedule there will be a specialized URL you can use for &quot;pinging&quot; where you can pass it a Git commit hash, SVN revision number, date, or other unique identifiers to externally trigger the test schedules and systems to begin testing. This custom trigger is passed to any of the used context scripts for setting up the system in an appropriate state.</h3></td>
  <td><h3>One-Time / Manual Testing</h3><em>Carrying out Phoromatic-controlled benchmark on no routine schedule, similar to the trigger-based testing.</em></td>
  <td><h3>If you wish to only run a set of tests once on a given system or to do so seldom with the same set of tests, simply proceed with creating the test schedule without setting any run time / active days. When going to the web page for this test schedule there will be a button to trigger the tests to run on all affected systems.</h3></td>

			<p><sup>1</sup> <em>Indicates optional field.</em></p>
			<p align="right"><input name="submit" value="' . ($is_new ? 'Create' : 'Edit') . ' Schedule" type="submit" onclick="return pts_rmm_validate_schedule();" /></p>
        echo phoromatic_webui_main($main, phoromatic_webui_right_panel_logged_in());
        echo phoromatic_webui_footer();
function create_new_phoromatic_account($register_username, $register_password, $register_password_confirm, $register_email, $seed_accountid = null)
    if (strlen($register_username) < 4 || strpos($register_username, ' ') !== false) {
        phoromatic_error_page('Oops!', 'Please go back and ensure the supplied username is at least four characters long and contains no spaces.');
        return false;
    if (in_array(strtolower($register_username), array('admin', 'administrator', 'rootadmin'))) {
        phoromatic_error_page('Oops!', $register_username . ' is a reserved and common username that may be used for other purposes, please make a different selection.');
        return false;
    if (strlen($register_password) < 6) {
        phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password is at least six characters long.');
        return false;
    if ($register_password != $register_password_confirm) {
        phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password matches the password confirmation.');
        return false;
    if ($register_email == null || filter_var($register_email, FILTER_VALIDATE_EMAIL) == false) {
        phoromatic_error_page('Oops!', 'Please enter a valid email address.');
        return false;
    $valid_user_name_chars = '1234567890-_.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    for ($i = 0; $i < count($register_username); $i++) {
        if (strpos($valid_user_name_chars, substr($register_username, $i, 1)) === false) {
            phoromatic_error_page('Oops!', 'Please go back and ensure a valid user-name. The character <em>' . substr($register_username, $i, 1) . '</em> is not allowed.');
            return false;
    $matching_users = phoromatic_server::$db->querySingle('SELECT UserName FROM phoromatic_users WHERE UserName = \'' . SQLite3::escapeString($register_username) . '\'');
    if (!empty($matching_users)) {
        phoromatic_error_page('Oops!', 'The user-name is already taken.');
        return false;
    if (phoromatic_server::read_setting('add_new_users_to_account') != null) {
        $account_id = phoromatic_server::read_setting('add_new_users_to_account');
        $is_new_account = false;
    } else {
        $id_tries = 0;
        do {
            if ($id_tries == 0 && $seed_accountid != null && isset($seed_accountid[5])) {
                $account_id = strtoupper(substr($seed_accountid, 0, 6));
            } else {
                $account_id = pts_strings::random_characters(6, true);
            $matching_accounts = phoromatic_server::$db->querySingle('SELECT AccountID FROM phoromatic_accounts WHERE AccountID = \'' . $account_id . '\'');
        } while (!empty($matching_accounts));
        $is_new_account = true;
    $user_id = pts_strings::random_characters(4, true);
    if ($is_new_account) {
        pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' created a new account: ' . $user_id . ' - ' . $account_id);
        $account_salt = pts_strings::random_characters(12, true);
        $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_accounts (AccountID, ValidateID, CreatedOn, Salt) VALUES (:account_id, :validate_id, :current_time, :salt)');
        $stmt->bindValue(':account_id', $account_id);
        $stmt->bindValue(':validate_id', pts_strings::random_characters(4, true));
        $stmt->bindValue(':salt', $account_salt);
        $stmt->bindValue(':current_time', phoromatic_server::current_time());
        $result = $stmt->execute();
        $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_account_settings (AccountID) VALUES (:account_id)');
        $stmt->bindValue(':account_id', $account_id);
        $result = $stmt->execute();
        $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_user_settings (UserID, AccountID) VALUES (:user_id, :account_id)');
        $stmt->bindValue(':user_id', $user_id);
        $stmt->bindValue(':account_id', $account_id);
        $result = $stmt->execute();
    } else {
        pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' being added to an account: ' . $user_id . ' - ' . $account_id);
        $account_salt = phoromatic_server::$db->querySingle('SELECT Salt FROM phoromatic_accounts WHERE AccountID = \'' . $account_id . '\'');
    $salted_password = hash('sha256', $account_salt . $register_password);
    $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_users (UserID, AccountID, UserName, Email, Password, CreatedOn, LastIP, AdminLevel) VALUES (:user_id, :account_id, :user_name, :email, :password, :current_time, :last_ip, :admin_level)');
    $stmt->bindValue(':user_id', $user_id);
    $stmt->bindValue(':account_id', $account_id);
    $stmt->bindValue(':user_name', $register_username);
    $stmt->bindValue(':email', $register_email);
    $stmt->bindValue(':password', $salted_password);
    $stmt->bindValue(':last_ip', $_SERVER['REMOTE_ADDR']);
    $stmt->bindValue(':current_time', phoromatic_server::current_time());
    $stmt->bindValue(':admin_level', $is_new_account ? 1 : 10);
    $result = $stmt->execute();
    phoromatic_server::send_email($register_email, 'Phoromatic Account Registration', ($e = phoromatic_server::read_setting('admin_support_email')) != null ? $e : '*****@*****.**', '<p><strong>' . $register_username . '</strong>:</p><p>Your Phoromatic account has been created and is now active.</p>');
    return true;
    public static function render_page_process($PATH)
        if ($_SESSION['AdminLevel'] > 3) {
            echo phoromatic_error_page('Unauthorized Access', 'You aren\'t an account administrator!');
        if (isset($_POST['group_name'])) {
            $stmt = phoromatic_server::$db->prepare('UPDATE phoromatic_accounts SET GroupName = :group_name WHERE AccountID = :account_id');
            $stmt->bindValue(':group_name', $_POST['group_name']);
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $result = $stmt->execute();
        if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirm_password']) && isset($_POST['email'])) {
            // REGISTER NEW USER
            if (strlen($_POST['username']) < 4 || strpos($_POST['username'], ' ') !== false) {
                phoromatic_error_page('Oops!', 'Please go back and ensure the supplied username is at least four characters long and contains no spaces.');
                return false;
            if (in_array(strtolower($_POST['username']), array('admin', 'administrator'))) {
                phoromatic_error_page('Oops!', $_POST['username'] . ' is a reserved and common username that may be used for other purposes, please make a different selection.');
                return false;
            if (strlen($_POST['password']) < 6) {
                phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password is at least six characters long.');
                return false;
            if ($_POST['password'] != $_POST['confirm_password']) {
                phoromatic_error_page('Oops!', 'Please go back and ensure the supplied password matches the password confirmation.');
                return false;
            if ($_POST['email'] == null || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false) {
                phoromatic_error_page('Oops!', 'Please enter a valid email address.');
                return false;
            $valid_user_name_chars = '1234567890-_.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
            for ($i = 0; $i < count($_POST['username']); $i++) {
                if (strpos($valid_user_name_chars, substr($_POST['username'], $i, 1)) === false) {
                    phoromatic_error_page('Oops!', 'Please go back and ensure a valid user-name. The character <em>' . substr($_POST['username'], $i, 1) . '</em> is not allowed.');
                    return false;
            $matching_users = phoromatic_server::$db->querySingle('SELECT UserName FROM phoromatic_users WHERE UserName = \'' . SQLite3::escapeString($_POST['username']) . '\'');
            if (!empty($matching_users)) {
                phoromatic_error_page('Oops!', 'The user-name is already taken.');
                return false;
            if (!isset($_POST['admin_level']) || $_POST['admin_level'] == 1 || !is_numeric($_POST['admin_level'])) {
                phoromatic_error_page('Oops!', 'Invalid administration level.');
                return false;
            $stmt = phoromatic_server::$db->prepare('SELECT Salt FROM phoromatic_accounts WHERE AccountID = :account_id');
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $result = $stmt->execute();
            $row = $result->fetchArray();
            $account_salt = $row['Salt'];
            $user_id = pts_strings::random_characters(4, true);
            $salted_password = hash('sha256', $account_salt . $_POST['password']);
            pts_logger::add_to_log($_SERVER['REMOTE_ADDR'] . ' created a new account: ' . $user_id . ' - ' . $_SESSION['AccountID']);
            $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_users (UserID, AccountID, UserName, Email, Password, CreatedOn, LastIP, AdminLevel) VALUES (:user_id, :account_id, :user_name, :email, :password, :current_time, :last_ip, :admin_level)');
            $stmt->bindValue(':user_id', $user_id);
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $stmt->bindValue(':user_name', $_POST['username']);
            $stmt->bindValue(':email', $_POST['email']);
            $stmt->bindValue(':password', $salted_password);
            $stmt->bindValue(':last_ip', $_SERVER['REMOTE_ADDR']);
            $stmt->bindValue(':current_time', phoromatic_server::current_time());
            $stmt->bindValue(':admin_level', $_POST['admin_level']);
            $result = $stmt->execute();
            $stmt = phoromatic_server::$db->prepare('INSERT INTO phoromatic_user_settings (UserID, AccountID) VALUES (:user_id, :account_id)');
            $stmt->bindValue(':user_id', $user_id);
            $stmt->bindValue(':account_id', $_SESSION['AccountID']);
            $result = $stmt->execute();
            phoromatic_add_activity_stream_event('users', $_POST['username'], 'added');
        if ($_SESSION['AdminLevel'] == 1 && isset($_POST['update_user_levels'])) {
            foreach (explode(',', $_POST['update_user_levels']) as $user_id) {
                if (isset($_POST['admin_level_' . $user_id]) && is_numeric($_POST['admin_level_' . $user_id])) {
                    $stmt = phoromatic_server::$db->prepare('UPDATE phoromatic_users SET AdminLevel = :admin_level WHERE AccountID = :account_id AND UserID = :user_id');
                    $stmt->bindValue(':admin_level', $_POST['admin_level_' . $user_id]);
                    $stmt->bindValue(':user_id', $user_id);
                    $stmt->bindValue(':account_id', $_SESSION['AccountID']);
                    $result = $stmt->execute();
        $main = '<h2>Users</h2>
			<p>Users associated with this account. Phoromatic users can be one of several tiers with varying privileges:</p>
				<li><strong>Group Administrator:</strong> The user with full control over the account, the one who originally signed up for the Phoromatic account.</li>
				<li><strong>Administrator:</strong> Additional users created by the group administrator with the same access rights as the group administrator.</li>
				<li><strong>Power Users:</strong> Additional users created by the group administrator with read/write/modify access to all standard Phoromatic functionality, aside from being able to create additional users.</li>
				<li><strong>Viewer:</strong> Additional users created by the group administrator that have access to view data but not to create new schedules, alter system settings, etc.</li>
			<div class="pts_phoromatic_info_box_area">

				<div style="margin: 0 20%;"><form action="' . $_SERVER['REQUEST_URI'] . '" name="edit_user" id="edit_user" method="post">
						<li><h1>All Users</h1></li>';
        $stmt = phoromatic_server::$db->prepare('SELECT * FROM phoromatic_users WHERE AccountID = :account_id ORDER BY UserName ASC');
        $stmt->bindValue(':account_id', $_SESSION['AccountID']);
        $result = $stmt->execute();
        $row = $result->fetchArray();
        $user_ids = array();
        do {
            switch ($row['AdminLevel']) {
                case 1:
                    $level = 'Group Administrator';
                case 2:
                    $level = 'Administrator';
                case 3:
                    $level = 'Power User';
                case 10:
                    $level = 'Viewer';
                    if ($row['AdminLevel'] < 1) {
                        $level = 'Disabled';
                    } else {
                        $level = 'Unknown';
            $main .= '<a href="#"><li>' . $row['UserName'] . '<br /><table><tr><td>';
            if ($row['AdminLevel'] == 1 || $_SESSION['AdminLevel'] != 1) {
                $main .= '<strong>' . $level . '</strong>';
            } else {
                $main .= '<select name="admin_level_' . $row['UserID'] . '">';
                foreach (array($row['AdminLevel'] * -1 => 'Disabled', 2 => 'Administrator', 3 => 'Power User', 10 => 'Viewer') as $level_id => $level_string) {
                    $main .= '<option value="' . $level_id . '"' . ($row['AdminLevel'] == $level_id ? ' selected="selected"' : null) . '>' . $level_string . '</option>';
                $main .= '</select>';
                array_push($user_ids, $row['UserID']);
            $main .= '</td><td>Last Login: '******'LastLogin']) ? 'Never' : date('j F Y H:i', strtotime($row['LastLogin']))) . '</td></tr></table></li></a>';
        } while ($row = $result->fetchArray());
        $main .= '</ul> &nbsp; <input type="hidden" name="update_user_levels" value="' . implode(',', $user_ids) . '" /> <input name="submit" value="Update User Levels" type="submit" /></form>
        $main .= '<hr /><form action="' . $_SERVER['REQUEST_URI'] . '" name="add_user" id="add_user" method="post" onsubmit="return validate_new_user();"><h2>Create Additional Account</h2>
			<p>Administrators can create extra accounts to be associated with this account\'s systems, schedules, and test data.</p>
			<p><input type="text" name="username" /></p>
			<p><input type="password" name="password" /></p>
			<h3>Confirm Password</h3>
			<p><input type="password" name="confirm_password" /></p>
			<p><input type="text" name="email" /></p>
			<h3>Administration Level</h3>
			<p><select name="admin_level">';
        if ($_SESSION['AdminLevel'] == 1) {
            $main .= '<option value="2">Administrator</option>';
        if ($_SESSION['AdminLevel'] <= 2) {
            $main .= '<option value="3">Power User</option>';
        if ($_SESSION['AdminLevel'] <= 3) {
            $main .= '<option value="10">Viewer</option>';
        $main .= '
			<p><input name="submit" value="Add User" type="submit" /></p>
        $group_name = phoromatic_account_id_to_group_name($_SESSION['AccountID']);
        $main .= '<hr /><form action="' . $_SERVER['REQUEST_URI'] . '" name="group_name" id="group_name" method="post"><h2>Group Name</h2>
			<p>A group name is an alternative, user-facing name for this set of accounts. The group name feature is primarily useful for being able to better distinguish results between groups when sharing of data within a large organization, etc. The group name is showed next to test results when viewing results from multiple groups/accounts.</p>
			<h3>Group Name</h3>
			<p><input type="text" name="group_name" value="' . $group_name . '" /></p>
			<p><input name="submit" value="Update Group Name" type="submit" /></p>
        echo phoromatic_webui_header_logged_in();
        echo '<div id="pts_phoromatic_main_area">' . $main . '</div>';
        echo phoromatic_webui_footer();