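/**
 * Dispatch an admin-area request to the handler selected by $_GET['action'].
 *
 * An 'Agent' login is checked first. When loginCheck() does not return true,
 * only the password-recovery actions ('send_forgot', 'forgot') run; any other
 * action returns the value loginCheck() produced (treated as display text).
 * When logged in, the action selects a handler class from the include
 * directory, or - for names of the form addon_<name>_<anything> - the
 * <name>_run_action_admin_template() function of that addon.
 *
 * Globals: $config (reads 'basepath'), $lang.
 *
 * @return string HTML produced by the selected handler; '' when no handler
 *                matched the action.
 */
function replace_admin_actions()
{
    global $config, $lang;
    require_once $config['basepath'] . '/include/login.inc.php';
    $login = new login();
    $login_status = $login->loginCheck('Agent');
    // $_GET['action'] is request input; default to '' so a missing parameter
    // simply falls through to the default branches below.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $data = '';

    if ($login_status !== true) {
        // Password recovery must work without a session; everything else
        // returns whatever loginCheck() produced (the login form / status).
        switch ($action) {
            case 'send_forgot':
                $data = login::forgot_password();
                break;
            case 'forgot':
                $data = login::forgot_password_reset();
                break;
            default:
                $data .= $login_status;
                break;
        }
        return $data;
    }

    switch ($action) {
        case 'index':
            require_once $config['basepath'] . '/include/admin.inc.php';
            $admin = new general_admin();
            $data = $admin->index_page();
            break;
        case 'edit_page':
            require_once $config['basepath'] . '/include/editor.inc.php';
            $editor = new editor();
            $data = $editor->page_edit();
            break;
        case 'add_page':
            require_once $config['basepath'] . '/include/editor.inc.php';
            $editor = new editor();
            $data = $editor->add_page();
            break;
        case 'edit_user_images':
            require_once $config['basepath'] . '/include/images.inc.php';
            $images = new image_handler();
            $data = $images->edit_user_images();
            break;
        case 'edit_listing_images':
            require_once $config['basepath'] . '/include/images.inc.php';
            $images = new image_handler();
            $data = $images->edit_listing_images();
            break;
        case 'edit_vtour_images':
            require_once $config['basepath'] . '/include/images.inc.php';
            $images = new image_handler();
            $data = $images->edit_vtour_images();
            break;
        case 'edit_listing_files':
            require_once $config['basepath'] . '/include/files.inc.php';
            $files = new file_handler();
            $data = $files->edit_listing_files();
            break;
        case 'edit_user_files':
            require_once $config['basepath'] . '/include/files.inc.php';
            $files = new file_handler();
            $data = $files->edit_user_files();
            break;
        case 'add_listing':
            require_once $config['basepath'] . '/include/listing_editor.inc.php';
            $listing_editor = new listing_editor();
            $data = $listing_editor->add_listing();
            break;
        case 'add_listing_property_class':
            require_once $config['basepath'] . '/include/listing_editor.inc.php';
            $listing_editor = new listing_editor();
            $data = $listing_editor->add_listing_logic();
            break;
        case 'edit_my_listings':
            require_once $config['basepath'] . '/include/listing_editor.inc.php';
            $listing_editor = new listing_editor();
            $data = $listing_editor->edit_listings();
            break;
        case 'edit_listings':
            require_once $config['basepath'] . '/include/listing_editor.inc.php';
            $listing_editor = new listing_editor();
            // false: not restricted to the current user's own listings.
            $data = $listing_editor->edit_listings(false);
            break;
        case 'configure':
            require_once $config['basepath'] . '/include/controlpanel.inc.php';
            $configurator = new configurator();
            $data = $configurator->show_configurator();
            break;
        case 'edit_listing_template':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_listing_template();
            break;
        case 'edit_listings_template_field_order':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_listings_template_field_order();
            break;
        case 'edit_agent_template_field_order':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_template_field_order('agent');
            break;
        case 'edit_member_template_field_order':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_template_field_order('member');
            break;
        case 'edit_agent_template_add_field':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->add_user_template_field('agent');
            break;
        case 'edit_member_template_add_field':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->add_user_template_field('member');
            break;
        case 'edit_listing_template_search':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_listing_template_search();
            break;
        case 'edit_listing_template_search_results':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_listing_template_search_results();
            break;
        case 'edit_user_template':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->edit_user_template();
            break;
        case 'edit_listing_template_add_field':
            require_once $config['basepath'] . '/include/template_editor.inc.php';
            $template_editor = new template_editor();
            $data = $template_editor->add_listing_template_field();
            break;
        case 'user_manager':
            require_once $config['basepath'] . '/include/user_manager.inc.php';
            $user_managment = new user_managment();
            $data = $user_managment->show_user_manager();
            break;
        case 'view_log':
            require_once $config['basepath'] . '/include/log.inc.php';
            $data = log::view();
            break;
        case 'clear_log':
            require_once $config['basepath'] . '/include/log.inc.php';
            $data = log::clear_log();
            break;
        case 'show_property_classes':
            require_once $config['basepath'] . '/include/propertyclass.inc.php';
            $data = propertyclass::show_classes();
            break;
        case 'modify_property_class':
            require_once $config['basepath'] . '/include/propertyclass.inc.php';
            $data = propertyclass::modify_property_class();
            break;
        case 'delete_property_class':
            require_once $config['basepath'] . '/include/propertyclass.inc.php';
            $data = propertyclass::delete_property_class();
            break;
        case 'insert_property_class':
            require_once $config['basepath'] . '/include/propertyclass.inc.php';
            $data = propertyclass::insert_property_class();
            break;
        // TODO: finish adding blog items.
        case 'edit_blog':
            require_once $config['basepath'] . '/include/blog_editor.inc.php';
            $blog_editor = new blog_editor();
            $data = $blog_editor->blog_edit_index();
            break;
        case 'edit_blog_post':
            require_once $config['basepath'] . '/include/blog_editor.inc.php';
            $blog_editor = new blog_editor();
            $data = $blog_editor->blog_edit();
            break;
        case 'add_blog':
            require_once $config['basepath'] . '/include/blog_editor.inc.php';
            $blog_editor = new blog_editor();
            $data = $blog_editor->add_post();
            break;
        case 'edit_blog_post_comments':
            require_once $config['basepath'] . '/include/blog_editor.inc.php';
            $blog_editor = new blog_editor();
            $data = $blog_editor->edit_post_comments();
            break;
        case 'addon_manager':
            require_once $config['basepath'] . '/include/addon_manager.inc.php';
            $am = new addon_manager();
            $data = $am->display_addon_manager();
            break;
        case 'send_notifications':
            require_once $config['basepath'] . '/include/notification.inc.php';
            $notify = new notification();
            $data = $notify->NotifyUsersOfAllNewListings();
            break;
        default:
            // Addon hook: addon_<name>_<anything>. <name> becomes both a
            // directory component of an include path and a function-name
            // prefix, so it is limited to [A-Za-z0-9]; the previous pattern
            // accepted any non-whitespace character, including path
            // separators and dots, in the include path.
            $addon_name = array();
            if (preg_match('/^addon_([A-Za-z0-9]+)_.*/', $action, $addon_name)) {
                $addon_file = $config['basepath'] . '/addons/' . $addon_name[1] . '/addon.inc.php';
                $function_name = $addon_name[1] . '_run_action_admin_template';
                if (is_file($addon_file)) {
                    include_once $addon_file;
                }
                // Only call the hook when the addon actually defined it.
                if (function_exists($function_name)) {
                    $data = $function_name();
                }
            }
            break;
    }
    return $data;
}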
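/**
 * Read a posted form field, or $default when the field was not submitted.
 *
 * @param string $key     Key in $_POST.
 * @param mixed  $default Value returned when $_POST[$key] is not set.
 * @return mixed
 */
function update_user_post_value($key, $default = '')
{
    return isset($_POST[$key]) ? $_POST[$key] : $default;
}

/**
 * Execute an SQL statement on the connection, logging it on failure.
 *
 * @param object $conn Connection object exposing Execute() (ADOdb style).
 * @param misc   $misc Helper exposing log_error().
 * @param string $sql  Statement to run.
 * @return mixed The record set, or false when Execute() failed.
 */
function update_user_execute($conn, $misc, $sql)
{
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
    }
    return $recordSet;
}

/**
 * Apply the posted "edit user" form to the userdb row $user_id.
 *
 * Validation: both password fields must match, e-mail/first/last name must be
 * filled, the e-mail must not belong to another user, and the form-element
 * validator for the user's type must pass. On success the e-mail (and the
 * password when one was entered) are written; an admin session may also
 * change rank/limits and, for agents, every privilege flag. Newly activated
 * accounts of a moderated type get a notification e-mail. The update is
 * finished by user_managment::updateUserData(), which must already be loaded.
 *
 * Globals: $conn, $config, $lang, $pass_the_form (set to validateForm()'s result).
 *
 * @param int|string $user_id Numeric userdb_id of the user being edited.
 * @return string HTML messages describing the outcome.
 */
function update_user($user_id)
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    require_once $config['basepath'] . '/include/forms.inc.php';
    $forms = new forms();
    $display = '';
    $do_update = true;
    // userdb_id is numeric; the cast keeps the caller-supplied id out of the
    // SQL text as anything but an integer.
    $sql_user_id = (int) $user_id;

    $new_pass = update_user_post_value('edit_user_pass');
    $new_pass2 = update_user_post_value('edit_user_pass2');
    $user_email = update_user_post_value('user_email');
    $first_name = update_user_post_value('user_first_name');
    $last_name = update_user_post_value('user_last_name');

    if ($new_pass != $new_pass2) {
        $display .= '<p>' . $lang['user_manager_password_identical'] . '</p>';
        $do_update = false;
    }
    if ($user_email == '' || $first_name == '' || $last_name == '') {
        $display .= "<p class=\"redtext\">{$lang['required_fields_not_filled']}</p>";
        $do_update = false;
    }

    // Current type/active flags of the user being edited.
    $sql = 'SELECT userdb_is_agent, userdb_is_admin, userdb_active FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_user_id;
    $recordSet = update_user_execute($conn, $misc, $sql);
    if ($recordSet === false) {
        // Without these flags none of the updates below can be selected;
        // the failed statement has already been logged.
        $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
        return $display;
    }
    $is_agent = $misc->make_db_unsafe($recordSet->fields['userdb_is_agent']);
    $is_admin = $misc->make_db_unsafe($recordSet->fields['userdb_is_admin']);
    $is_active = $misc->make_db_unsafe($recordSet->fields['userdb_active']);

    $sql_user_email = $misc->make_db_safe($user_email);

    // The e-mail address must not be in use by any other user.
    $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
    $recordSet = update_user_execute($conn, $misc, $sql);
    while ($recordSet !== false && !$recordSet->EOF) {
        if ($recordSet->fields['userdb_id'] != $user_id) {
            $display .= "<p class=\"redtext\">{$lang['email_address_already_used']}</p>";
            $do_update = false;
        }
        $recordSet->MoveNext();
    }

    if ($do_update) {
        global $pass_the_form;
        $db_to_validate = ($is_agent == 'yes' || $is_admin == 'yes') ? 'agentformelements' : 'memberformelements';
        $pass_the_form = $forms->validateForm($db_to_validate);
        if (is_array($pass_the_form)) {
            // validateForm() reports problems as field => 'REQUIRED' | 'TYPE'.
            foreach ($pass_the_form as $k => $v) {
                if ($v == 'REQUIRED') {
                    $display .= "<p class=\"redtext\">{$k}: {$lang['required_fields_not_filled']}</p>";
                }
                if ($v == 'TYPE') {
                    $display .= "<p class=\"redtext\">{$k}: {$lang['field_type_does_not_match']}</p>";
                }
            }
        } else {
            // Kept from the original: the escaped value is written back into
            // $_POST; presumably user_managment::updateUserData() reads it
            // from there - confirm before removing.
            $_POST['user_email'] = $sql_user_email;
            $timestamp = $conn->DBTimeStamp(time());
            if ($new_pass == '') {
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $sql_user_email . ', userdb_last_modified = ' . $timestamp . ' WHERE userdb_id = ' . $sql_user_id;
            } else {
                // NOTE(review): an unsalted md5 is not an adequate password
                // hash, but the session check below compares md5 values, so
                // the algorithm has to be migrated together with the login
                // code rather than changed here alone.
                $md5_user_pass = $misc->make_db_safe(md5($new_pass));
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_emailaddress = ' . $sql_user_email . ', userdb_user_password = ' . $md5_user_pass . ', userdb_last_modified = ' . $timestamp . ' WHERE userdb_id = ' . $sql_user_id;
            }
            update_user_execute($conn, $misc, $sql);

            $admin_editing = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes';
            if ($admin_editing && $is_admin == 'yes') {
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_rank = ' . $misc->make_db_safe(update_user_post_value('edit_userRank'))
                    . ', userdb_featuredlistinglimit = ' . $misc->make_db_safe(update_user_post_value('edit_limitFeaturedListings'))
                    . ', userdb_limit_listings = ' . $misc->make_db_safe(update_user_post_value('edit_limitListings'))
                    . ' WHERE userdb_id = ' . $sql_user_id;
                update_user_execute($conn, $misc, $sql);
            }

            if ($admin_editing && $is_agent == 'yes') {
                // An admin editing an agent may change every privilege flag:
                // column => posted field.
                $columns = array(
                    'userdb_active' => 'edit_active',
                    'userdb_user_first_name' => 'user_first_name',
                    'userdb_user_last_name' => 'user_last_name',
                    'userdb_can_edit_site_config' => 'edit_canEditSiteConfig',
                    'userdb_can_edit_member_template' => 'edit_canEditMemberTemplate',
                    'userdb_can_edit_agent_template' => 'edit_canEditAgentTemplate',
                    'userdb_can_edit_listing_template' => 'edit_canEditListingTemplate',
                    'userdb_can_view_logs' => 'edit_canViewLogs',
                    'userdb_can_moderate' => 'edit_canModerate',
                    'userdb_can_feature_listings' => 'edit_canFeatureListings',
                    'userdb_can_edit_pages' => 'edit_canPages',
                    'userdb_can_have_vtours' => 'edit_canVtour',
                    'userdb_can_have_files' => 'edit_canFiles',
                    'userdb_can_have_user_files' => 'edit_canUserFiles',
                    'userdb_limit_listings' => 'edit_limitListings',
                    'userdb_can_edit_expiration' => 'edit_canEditListingExpiration',
                    'userdb_can_export_listings' => 'edit_canExportListings',
                    'userdb_can_edit_all_users' => 'edit_canEditAllUsers',
                    'userdb_can_edit_all_listings' => 'edit_canEditAllListings',
                    'userdb_can_edit_property_classes' => 'edit_canEditPropertyClasses',
                    'userdb_can_manage_addons' => 'edit_canManageAddons',
                    'userdb_rank' => 'edit_userRank',
                    'userdb_featuredlistinglimit' => 'edit_limitFeaturedListings',
                    'userdb_blog_user_type' => 'edit_BlogPrivileges',
                );
                $assignments = array();
                foreach ($columns as $column => $field) {
                    $assignments[] = $column . ' = ' . $misc->make_db_safe(update_user_post_value($field));
                }
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET ' . implode(', ', $assignments) . ' WHERE userdb_id = ' . $sql_user_id;
                update_user_execute($conn, $misc, $sql);
            } else {
                // Any other case only updates the name and active flag; a
                // missing edit_active field leaves the account active.
                $edit_is_active = $misc->make_db_safe(update_user_post_value('edit_active', 'yes'));
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_active = ' . $edit_is_active
                    . ', userdb_user_first_name = ' . $misc->make_db_safe($first_name)
                    . ', userdb_user_last_name = ' . $misc->make_db_safe($last_name)
                    . ' WHERE userdb_id = ' . $sql_user_id;
                update_user_execute($conn, $misc, $sql);
            }

            // An account that was inactive and has just been activated gets
            // a notification when moderation is on for its user type.
            if ($is_active == 'no' && update_user_post_value('edit_active') == 'yes') {
                $moderated = ($config['moderate_agents'] == 1 && $is_agent == 'yes')
                    || ($config['moderate_members'] == 1 && $is_agent == 'no');
                if ($moderated) {
                    $link = ($is_agent == 'yes')
                        ? $config['baseurl'] . '/admin/index.php'
                        : $config['baseurl'] . '/index.php?action=member_login';
                    $message = $first_name . ' ' . $last_name . ",\r\n" . $lang['user_activated_message'] . "\r\n\r\n" . $link;
                    // $_POST['user_email'] holds the db-escaped value here; drop
                    // the quoting before using it as a recipient address.
                    $email = str_replace('\'', '', $_POST['user_email']);
                    $misc->send_email($config['company_name'], $config['admin_email'], $email, $message, $lang['user_activated_subject']);
                }
            }

            $message = user_managment::updateUserData($user_id);
            if ($message == 'success') {
                // The session carries the password hash; refresh it when the
                // logged-in user changed their own password so they are not
                // logged out by the update.
                if ($new_pass != '' && isset($_SESSION['userID']) && $_SESSION['userID'] == $user_id) {
                    $_SESSION['userpassword'] = md5($new_pass);
                }
                $display .= '<p>' . $lang['user_editor_account_updated'] . ', ' . $_SESSION['username'] . '</p>';
            } else {
                $display .= '<p>' . $lang['alert_site_admin'] . '</p>';
            }
        }
    }
    // Logged whether or not an update was applied (unchanged behaviour).
    $misc->log_action($lang['log_updated_user'] . ': ' . $user_id);
    return $display;
}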