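/**
 * Update user by ID - if id is empty add new user!
 *
 * Builds one INSERT (empty userId) or UPDATE (userId set) statement for the `users`
 * table, executes it and writes a log entry. Every value placed into the statement is
 * escaped for the open connection first; the original escaped only `groups`, so any
 * other field containing a quote could change the statement.
 *
 * @param array $userModDetails user fields: userId, username, password1, role, real_name, email,
 *                              domainUser, groups, lang, action, plus one entry per custom field name
 *
 * @return bool true when the query ran without an exception, false otherwise (an error alert is printed)
 */
function updateUserById($userModDetails)
{
    global $db; # get variables from config file
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']); # open db connection

    # escape helper bound to this connection, same call the original used for `groups`
    # NOTE(review): if the database wrapper exposes prepared statements, bound parameters
    # would be preferable to escaping - not visible from this function
    $escape = function ($value) use ($database) {
        return mysqli_real_escape_string($database, (string) $value);
    };

    # replace special chars (written back to the array so the log receives the same value as before)
    $userModDetails['groups'] = mysqli_real_escape_string($database, $userModDetails['groups']);

    # escaped copies of every other value that ends up inside the query
    $safe = array('groups' => $userModDetails['groups']);
    foreach (array('userId', 'username', 'password1', 'role', 'real_name', 'email', 'domainUser', 'lang') as $key) {
        $safe[$key] = $escape(isset($userModDetails[$key]) ? $userModDetails[$key] : '');
    }

    # custom fields - quoted column name and escaped value per field
    $myFields = getCustomUserFields();
    $customColumns = array();
    if (sizeof($myFields) > 0) {
        foreach ($myFields as $myField) {
            $fieldName = $myField['name'];
            $customColumns[] = array(
                # a backtick inside an identifier must be doubled to stay inside the quoting
                'column' => '`' . str_replace('`', '``', $fieldName) . '`',
                'value' => $escape(isset($userModDetails[$fieldName]) ? $userModDetails[$fieldName] : ''),
            );
        }
    }

    # NOTE(review): password1 is stored exactly as received; confirm the caller hashes it
    # (e.g. password_hash) before it reaches this function

    # set query - add or edit user
    if (empty($userModDetails['userId'])) {
        $customNames = '';
        $customValues = '';
        foreach ($customColumns as $custom) {
            $customNames .= ', ' . $custom['column'];
            $customValues .= ", '" . $custom['value'] . "'";
        }

        $query = "insert into users ";
        $query .= "(`username`, `password`, `role`, `real_name`, `email`, `domainUser`,`groups`,`lang` {$customNames}) values ";
        $query .= "('{$safe['username']}', '{$safe['password1']}', '{$safe['role']}', '{$safe['real_name']}', '{$safe['email']}', '{$safe['domainUser']}','{$safe['groups']}','{$safe['lang']}' {$customValues});";
    } else {
        $customSet = '';
        foreach ($customColumns as $custom) {
            $customSet .= ', ' . $custom['column'] . " = '" . $custom['value'] . "' ";
        }

        $query = "update users set ";
        $query .= "`username` = '{$safe['username']}', ";
        # an empty password means "leave the stored one unchanged"
        if ($safe['password1'] !== '') {
            $query .= "`password` = '{$safe['password1']}', ";
        }
        $query .= "`role` = '{$safe['role']}', `real_name`= '{$safe['real_name']}', `email` = '{$safe['email']}', `domainUser`= '{$safe['domainUser']}', `lang`= '{$safe['lang']}', `groups`='" . $safe['groups'] . "' ";
        $query .= $customSet;
        $query .= "where `id` = '{$safe['userId']}';";
    }

    $log = prepareLogFromArray($userModDetails); # prepare log

    /* execute */
    try {
        $database->executeQuery($query);
    } catch (Exception $e) {
        $error = $e->getMessage();
    }

    # ok
    if (!isset($error)) {
        updateLogTable('User ' . $userModDetails['username'] . ' updated ok', $log, 1); # write success log
        return true;
    }

    # failed - the action name and the error text are escaped before they reach the page
    # NOTE(review): the raw database error is shown to the user; consider logging it and
    # printing a generic message instead
    $failedAction = htmlspecialchars(_("Cannot {$userModDetails['action']} user"), ENT_QUOTES, 'UTF-8');
    print "<div class='alert alert-error'>" . $failedAction . "!<br><strong>" . _('Error') . "</strong>: " . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "</div>";
    updateLogTable('Cannot modify user ' . $userModDetails['username'], $log, 2); # write error log
    return false;
}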
if ($userModDetails['action'] == "edit") { $errors = verifyUserModInput($userModDetails); } else { if ($userModDetails['action'] == "delete") { if (!deleteUserById($userModDetails['userId'], $userModDetails['username'])) { print '<div class="alert alert-error>' . _('Cannot delete user') . ' ' . $userModDetails['username'] . '!</div>"'; } else { print '<div class="alert alert-success">' . _('User deleted successfully') . '!</div>'; } //stop script execution die; } } } //custom $myFields = getCustomUserFields(); if (sizeof($myFields) > 0) { foreach ($myFields as $myField) { # replace possible ___ back to spaces! $myField['nameTest'] = str_replace(" ", "___", $myField['name']); if (isset($_POST[$myField['nameTest']])) { $userModDetails[$myField['name']] = $userModDetails[$myField['nameTest']]; } } } /** * Create array of permitted networks */ if ($userModDetails['role'] == "Administrator") { $userModDetails['groups'] = ""; } else {
<?php /** * Script to print add / edit / delete users *************************************************/ /* required functions */ require_once '../../functions/functions.php'; /* verify that user is admin */ checkAdmin(); /* get all settings */ $settings = getAllSettings(); /* get custom fields */ $custom = getCustomUserFields(); /* get languages */ $langs = getLanguages(); ?> <!-- header --> <div class="pHeader"> <?php /** * If action is not set get it form post variable! */ if (!$action) { $action = $_POST['action']; $id = $_POST['id']; //fetch all requested userdetails $user = getUserDetailsById($id); if (!empty($user['real_name'])) { print _("{$action} user") . ' ' . $user['real_name'];