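/**
 * Render the "edit my profile" form for the logged-in member and apply a posted update.
 *
 * Only the session's own account is ever loaded or updated: $user_id must be
 * numeric and loosely equal to $_SESSION['userID'], and $_SESSION['is_member']
 * must be 'yes'. Every query and form field is then built from
 * intval($_SESSION['userID']), never from the request value.
 *
 * Side effects: includes misc.inc.php and forms.inc.php, overwrites
 * $_POST['edit_user_name'] with the stored user name, and calls
 * user_managment::update_member_profile() when $_POST['edit'] is set.
 *
 * @param mixed $user_id User id taken from the request.
 * @return string HTML for the form; a language string when the id is invalid or
 *                access is denied; only the update result when a query fails.
 */
function edit_member_profile($user_id)
 {
     global $conn, $config, $lang;
     require_once $config['basepath'] . '/include/misc.inc.php';
     $misc = new misc();
     $display = '';
     // Reject anything that is not a number before it is compared with the session.
     if (!is_numeric($user_id)) {
         return $lang['user_manager_invalid_user_id'];
     }
     // Members may only edit their own account. isset() keeps a missing session
     // (visitor not logged in) on the "denied" path instead of raising notices.
     $owns_account = isset($_SESSION['userID'], $_SESSION['is_member'])
         && $_SESSION['userID'] == $user_id
         && $_SESSION['is_member'] == 'yes';
     if (!$owns_account) {
         return $lang['user_manager_permission_denied'];
     }
     // Both ids come from the session and are forced to int, so concatenating
     // them into the SQL and the HTML below cannot inject anything.
     $raw_id = intval($_SESSION['userID']);
     $sql_edit = $raw_id;
     // Save any changes that were posted.
     // NOTE(review): no anti-CSRF token is visible in this form; confirm that
     // update_member_profile() or the request dispatcher verifies one.
     if (isset($_POST['edit'])) {
         $display .= user_managment::update_member_profile($raw_id);
     }
     require_once $config['basepath'] . '/include/forms.inc.php';
     $forms = new forms();

     // Defaults, so an account row that cannot be found renders empty fields
     // instead of undefined-variable notices.
     $edit_userName = '';
     $edit_emailAddress = '';
     $edit_firstname = '';
     $edit_lastname = '';
     $last_modified = '';

     // Load the account's main record. Only the columns the form displays are read.
     $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_edit;
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         // log_error() may not return; if it does, stop here rather than
         // dereference a failed result.
         return $display;
     }
     while (!$recordSet->EOF) {
         // Other code may read this key, so the overwrite of $_POST is kept.
         $_POST['edit_user_name'] = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']);
         $edit_userName = $_POST['edit_user_name'];
         $edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']);
         $edit_firstname = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']);
         $edit_lastname = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']);
         $last_modified = $recordSet->UserTimeStamp($recordSet->fields['userdb_last_modified'], $config["date_format_timestamp"]);
         $recordSet->MoveNext();
     }

     // Load and render the site-defined member fields before any markup is
     // emitted, so a failed query cannot leave a half-built form behind.
     $db_to_use = 'memberformelements';
     $sql = 'SELECT ' . $db_to_use . '_field_name, userdbelements_field_value, ' . $db_to_use . '_field_type, ' . $db_to_use . '_rank, ' . $db_to_use . '_field_caption, ' . $db_to_use . '_default_text, ' . $db_to_use . '_required, ' . $db_to_use . '_field_elements, ' . $db_to_use . '_tool_tip FROM ' . $config['table_prefix'] . $db_to_use . ' left join ' . $config['table_prefix'] . 'userdbelements on userdbelements_field_name = ' . $db_to_use . '_field_name and userdb_id = ' . $sql_edit . ' ORDER BY ' . $db_to_use . '_rank';
     $recordSet = $conn->Execute($sql);
     if ($recordSet === false) {
         $misc->log_error($sql);
         return $display;
     }
     $custom_fields = '';
     while (!$recordSet->EOF) {
         $field_name = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_name']);
         $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']);
         $field_type = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_type']);
         $field_caption = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_caption']);
         $default_text = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_default_text']);
         $field_elements = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_elements']);
         $required = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_required']);
         $tool_tip = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_tool_tip']);
         // NOTE(review): $field_value is member-supplied; confirm that
         // renderExistingFormElement() escapes it for the HTML it emits.
         $custom_fields .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, '', $tool_tip);
         $recordSet->MoveNext();
     }

     // Member-supplied values are HTML-escaped (quotes included) before they
     // reach element content or a value="" attribute.
     // NOTE(review): assumes make_db_unsafe() returns raw text, not text that is
     // already entity-encoded; the charset is left to PHP's default_charset.
     $safe_userName = htmlspecialchars((string) $edit_userName, ENT_QUOTES);
     $safe_firstname = htmlspecialchars((string) $edit_firstname, ENT_QUOTES);
     $safe_lastname = htmlspecialchars((string) $edit_lastname, ENT_QUOTES);
     $safe_emailAddress = htmlspecialchars((string) $edit_emailAddress, ENT_QUOTES);

     // Show the account edit form.
     $display .= '<table border="0" cellpadding="0" cellspacing="0"><tr><td>';
     $display .= '<table class="edit_users">';
     $display .= '<tr><td colspan="2"><h3>' . $lang['user_manager_edit_user'] . '</h3></td></tr>';
     $display .= '<tr>';
     $display .= '<td valign="top" class="row_main">';
     $display .= '<form name="updateUser" action="index.php?action=edit_profile&amp;user_id=' . $raw_id . '" method="post">';
     $display .= '<input type="hidden" name="edit" value="' . $raw_id . '" />';
     $display .= '<table class="edit_users"><tr><td>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_name'] . ':</strong></td><td align="left" class="row_main">' . $safe_userName . '</td></tr>';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_first_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_first_name" value="' . $safe_firstname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_last_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_last_name" value="' . $safe_lastname . '" /> ';
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['last_modified'] . ':</strong></td><td align="left">' . $last_modified . '</td></tr>';
     // Password fields are hidden in demo mode unless the session has admin privileges.
     // NOTE(review): the form does not ask for the current password before a change.
     $is_admin = isset($_SESSION['admin_privs']) && $_SESSION['admin_privs'] == 'yes';
     if ($config["demo_mode"] != 1 || $is_admin) {
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td></tr>';
         $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ' (' . $lang['again'] . ') <span class="required">*</span></strong> </td><td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td></tr>';
     } else {
         $display .= '<input type="hidden" name="edit_user_pass" value="">';
         $display .= '<input type="hidden" name="edit_user_pass2" value="">';
     }
     $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_email'] . ': <span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td><td align="left" class="row_main"> <input type="text" name="user_email" value="' . $safe_emailAddress . '" /> ';
     $display .= $custom_fields;
     $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>';
     $display .= '<tr><td colspan="2" align="center" class="row_main"><input type="submit" value="' . $lang['update_button'] . '" /></td></tr></table></form>';
     $display .= '</td></tr></table>';
     $display .= '</td></tr></table>';
     return $display;
 }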