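/**
 * Render (and, when the form was posted, save) the profile edit form for the
 * currently logged-in member.
 *
 * A member may only edit their own profile: $user_id must equal
 * $_SESSION['userID'] and the session must carry is_member = 'yes'; otherwise
 * the translated "permission denied" string is returned instead of the form.
 *
 * Reads globals $conn (ADODB-style connection), $config and $lang.
 * Side effect: $_POST['edit_user_name'] is overwritten with the user name
 * loaded from the database (kept from the original implementation in case
 * downstream code relies on it — TODO confirm).
 *
 * @param int|string $user_id id of the profile to edit
 * @return string HTML of the form, or a translated error message
 */
function edit_member_profile($user_id)
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $display = '';

    // Verify ID is numeric before comparing it with the session id.
    if (!is_numeric($user_id)) {
        return $lang['user_manager_invalid_user_id'];
    }

    // Permission check: only the member themself, and only when the session is
    // flagged as a member. Compare ids as integers and the flag strictly so a
    // loosely-equal value (e.g. bool true) cannot satisfy the check.
    if (!isset($_SESSION['userID'], $_SESSION['is_member'])
        || $_SESSION['is_member'] !== 'yes'
        || (int) $_SESSION['userID'] !== (int) $user_id) {
        return $lang['user_manager_permission_denied'];
    }
    // Both ids are integers, which is what makes their use in SQL below safe.
    $sql_edit = (int) $_SESSION['userID'];
    $raw_id = $sql_edit;

    // Escape a DB-sourced value for an HTML text/attribute context. Values come
    // back through make_db_unsafe() and are user-controlled, so they must not
    // reach the page raw. double_encode=false keeps any entities that were
    // already stored encoded from becoming "&amp;amp;".
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    // Save any changes that were posted.
    if (isset($_POST['edit'])) {
        $display .= user_managment::update_member_profile($raw_id);
    }

    // Show account edit form.
    require_once $config['basepath'] . '/include/forms.inc.php';
    $forms = new forms();
    $display .= '<table border="0" cellpadding="0" cellspacing="0"><tr><td>';
    $display .= '<table class="edit_users">';
    $display .= '<tr><td colspan="2"><h3>' . $lang['user_manager_edit_user'] . '</h3></td></tr>';
    $display .= '<tr>';
    $display .= '<td valign="top" class="row_main">';

    // First, grab the user's main info.
    $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_edit;
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        // The original fell through to ->EOF on a false result (a fatal error if
        // log_error() returns); stop here with what has been rendered so far.
        return $display;
    }

    // Defaults so the form still renders (empty) when no row comes back.
    $edit_user_name = '';
    $edit_emailAddress = '';
    $edit_firstname = '';
    $edit_lastname = '';
    $last_modified = '';
    while (!$recordSet->EOF) {
        // Only the columns the form actually displays are read; the original
        // also copied every permission column into locals that were never used.
        $edit_user_name = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
        $_POST['edit_user_name'] = $edit_user_name;
        $edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
        $edit_firstname = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
        $edit_lastname = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
        $last_modified = $recordSet->UserTimeStamp(
            $recordSet->fields['userdb_last_modified'],
            $config["date_format_timestamp"]
        );
        $recordSet->MoveNext();
    } // end while

    // Now, display all that stuff. $raw_id is an int so it is safe in the URL.
    $display .= '<form name="updateUser" action="index.php?action=edit_profile&user_id=' . $raw_id . '" method="post">';
    $display .= '<input type="hidden" name="edit" value="' . $raw_id . '" />';
    // The original opened a stray <tr><td> here and left the name/email rows
    // unclosed; the markup below closes every row it opens.
    $display .= '<table class="edit_users">';
    $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_name'] . ':</strong></td><td align="left" class="row_main">' . $esc($edit_user_name) . '</td></tr>';
    $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_first_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_first_name" value="' . $esc($edit_firstname) . '" /> </td></tr>';
    $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_last_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_last_name" value="' . $esc($edit_lastname) . '" /> </td></tr>';
    $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['last_modified'] . ':</strong></td><td align="left">' . $last_modified . '</td></tr>';

    // Password fields are hidden in demo mode unless the session has admin
    // privileges (same rule as the original).
    $show_password_fields = $config["demo_mode"] != 1
        || (isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes');
    if ($show_password_fields) {
        $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td></tr>';
        $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ' (' . $lang['again'] . ') <span class="required">*</span></strong> </td><td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td></tr>';
    } else {
        $display .= '<input type="hidden" name="edit_user_pass" value="">';
        $display .= '<input type="hidden" name="edit_user_pass2" value="">';
    }
    $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_email'] . ': <span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td><td align="left" class="row_main"> <input type="text" name="user_email" value="' . $esc($edit_emailAddress) . '" /> </td></tr>';

    // Additional member form elements, joined with this user's stored values.
    $db_to_use = 'memberformelements';
    $sql = 'SELECT ' . $db_to_use . '_field_name, userdbelements_field_value, '
        . $db_to_use . '_field_type, ' . $db_to_use . '_rank, '
        . $db_to_use . '_field_caption, ' . $db_to_use . '_default_text, '
        . $db_to_use . '_required, ' . $db_to_use . '_field_elements, '
        . $db_to_use . '_tool_tip FROM ' . $config['table_prefix'] . $db_to_use
        . ' left join ' . $config['table_prefix'] . 'userdbelements on userdbelements_field_name = '
        . $db_to_use . '_field_name and userdb_id = ' . $sql_edit
        . ' ORDER BY ' . $db_to_use . '_rank';
    $recordSet = $conn->Execute($sql);
    if ($recordSet === false) {
        $misc->log_error($sql);
        return $display;
    }
    while (!$recordSet->EOF) {
        $field_name = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_name']);
        $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']);
        $field_type = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_type']);
        $field_caption = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_caption']);
        $default_text = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_default_text']);
        $field_elements = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_elements']);
        $required = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_required']);
        $tool_tip = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_tool_tip']);
        // Pass the data to the form renderer; escaping of these values is the
        // renderer's responsibility — NOTE(review): verify it escapes them.
        $display .= $forms->renderExistingFormElement(
            $field_type,
            $field_name,
            $field_value,
            $field_caption,
            $default_text,
            $required,
            $field_elements,
            '',
            $tool_tip
        );
        $recordSet->MoveNext();
    } // end while

    $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
    $display .= '<tr><td colspan="2" align="center" class="row_main"><input type="submit" value="' . $lang['update_button'] . '" /></td></tr></table></form>';
    $display .= '</td></tr></table>';
    $display .= '</td></tr></table>';
    return $display;
}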