function edit_user($user_id) { global $conn, $config, $lang; require_once $config['basepath'] . '/include/user.inc.php'; require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); require_once $config['basepath'] . '/include/listing_editor.inc.php'; $listing = new listing_editor(); $display = ''; // Set Variable to hold errors // Verify ID is Numeric if (!is_numeric($user_id)) { return $lang['user_manager_invalid_user_id']; } // Admins can edit any user. Anyone can edit there own information. if (($_SESSION['admin_privs'] == 'yes' || $_SESSION['edit_all_users'] == 'yes') && $user_id != '') { $security = login::loginCheck('Admin', true); if ($security === true) { $sql_edit = intval($user_id); $raw_id = $user_id; } else { $user_type = user::get_user_type($user_id); if ($user_type === admin) { // Agents cannot edit Admin account return $lang['user_manager_permission_denied']; } else { $sql_edit = intval($user_id); $raw_id = $user_id; } } } elseif ($_SESSION['admin_privs'] == 'yes' && $user_id == '' || $_SESSION['userID'] == $user_id) { $sql_edit = intval($_SESSION['userID']); $raw_id = intval($_SESSION['userID']); } else { return $lang['user_manager_permission_denied']; } // $raw_id = $misc->make_db_unsafe($sql_edit); // Save any Changes that were posted if (isset($_POST['edit'])) { $display .= user_managment::update_user($raw_id); if (isset($_POST['edit_listing_active']) && $_POST['edit_listing_active'] != "") { $display .= $listing->update_active_status($raw_id, $_POST['edit_listing_active']); } } //Blog Permissions $blog_perm[1] = $lang['blog_perm_subscriber']; $blog_perm[2] = $lang['blog_perm_contributor']; $blog_perm[3] = $lang['blog_perm_author']; $blog_perm[4] = $lang['blog_perm_editor']; // Show Account Edit Form require_once $config['basepath'] . '/include/forms.inc.php'; $forms = new forms(); $display .= '<table width="600" border="0" align="center" cellpadding="0" cellspacing="0"><tr><td>'; $display .= '<table class="edit_users">'; $display .= '<tr><td colspan="2"><h3>' . $lang['user_manager_edit_user'] . '</h3></td></tr>'; $display .= '<tr>'; $display .= '<td valign="top" align="center">'; $display .= '<strong>' . $lang['images'] . '</strong>'; $display .= '<br />'; $display .= '<hr width="75%" />'; $display .= '<form action="' . $config['baseurl'] . '/admin/index.php?action=edit_user_images" method="post" name="edit_user_images"><input type="hidden" name="edit" value="' . $raw_id . '" /><a href="javascript:document.edit_user_images.submit()">' . $lang['edit_images'] . '</a></form>'; // Show User Images $sql = 'SELECT userimages_caption, userimages_file_name, userimages_thumb_file_name FROM ' . $config['table_prefix'] . 'userimages WHERE userdb_id = ' . $sql_edit; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $caption = $misc->make_db_unsafe($recordSet->fields['userimages_caption']); $thumb_file_name = $misc->make_db_unsafe($recordSet->fields['userimages_thumb_file_name']); $file_name = $misc->make_db_unsafe($recordSet->fields['userimages_file_name']); // gotta grab the image size $imagedata = GetImageSize($config['user_upload_path'] . '/' . $thumb_file_name); $imagewidth = $imagedata[0]; $imageheight = $imagedata[1]; $shrinkage = $config['thumbnail_width'] / $imagewidth; $displaywidth = $imagewidth * $shrinkage; $displayheight = $imageheight * $shrinkage; $display .= '<a href="' . $config['user_view_images_path'] . '/' . $file_name . '" target="_thumb"> '; $display .= '<img src="' . $config['user_view_images_path'] . '/' . $thumb_file_name . '" height="' . $displayheight . '" width="' . $displaywidth . '" /></a><br /> '; $display .= '<strong>' . $caption . '</strong><br /><br />'; $recordSet->MoveNext(); } // end while $display .= '</td>'; // Place the Files list and edit files link on the edit user profile page if they are allowed to have files. if ($_SESSION['admin_privs'] == "yes" || $_SESSION['havefiles'] == "yes") { $display .= '<td valign="top" align="center" class="row_main">'; $display .= '<b>' . $lang['files'] . '</b>'; $display .= '<br />'; $display .= '<hr width="75%" />'; $display .= '<form action="index.php?action=edit_user_files" method="post" name="edit_user_files"><input type="hidden" name="edit" value="' . intval($_GET['edit']) . '" /><a href="javascript:document.edit_user_files.submit()">' . $lang['edit_files'] . '</a></form>'; $display .= '<br />'; $sql = "SELECT usersfiles_id, usersfiles_caption, usersfiles_file_name FROM " . $config['table_prefix'] . "usersfiles WHERE (userdb_id = {$sql_edit})"; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $caption = $misc->make_db_unsafe($recordSet->fields['usersfiles_caption']); $file_name = $misc->make_db_unsafe($recordSet->fields['usersfiles_file_name']); $file_id = $misc->make_db_unsafe($recordSet->fields['usersfiles_id']); $iconext = substr(strrchr($file_name, '.'), 1); $iconpath = $config["file_icons_path"] . '/' . $iconext . '.png'; if (file_exists($iconpath)) { $icon = $config["listings_view_file_icons_path"] . '/' . $iconext . '.png'; } else { $icon = $config["listings_view_file_icons_path"] . '/default.png'; } // $file_download_url = 'index.php?action=create_download&ID=' . $sql_edit . '&file_id=' . $file_id . '&type=user'; $display .= '<a href="' . $config['baseurl'] . '/' . $file_download_url . '" target="_thumb">'; $display .= '<img src="' . $icon . '" height="' . $config["file_icon_height"] . '" width="' . $config["file_icon_width"] . '" alt="' . $file_name . '" /><br />'; $display .= '<strong>' . $file_name . '</strong></a><br />'; $display .= '<strong>' . $caption . '</strong><br /><br />'; $recordSet->MoveNext(); } // end while $display .= '</td>'; } $display .= '<td valign="top" class="row_main">'; // first, grab the user's main info $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_id = ' . $sql_edit; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { // collect up the main DB's various fields $_POST['edit_user_name'] = $misc->make_db_unsafe($recordSet->fields['userdb_user_name']); $edit_emailAddress = $misc->make_db_unsafe($recordSet->fields['userdb_emailaddress']); // $edit_comments = $misc->make_db_unsafe ($recordSet->fields['userdb_comments']); $edit_firstname = $misc->make_db_unsafe($recordSet->fields['userdb_user_first_name']); $edit_lastname = $misc->make_db_unsafe($recordSet->fields['userdb_user_last_name']); $edit_active = $recordSet->fields['userdb_active']; $edit_isAgent = $recordSet->fields['userdb_is_agent']; $edit_isAdmin = $recordSet->fields['userdb_is_admin']; $edit_limitListings = $recordSet->fields['userdb_limit_listings']; $edit_limitFeaturedListings = $recordSet->fields['userdb_featuredlistinglimit']; $edit_userRank = $recordSet->fields['userdb_rank']; $edit_canEditAllListings = $recordSet->fields['userdb_can_edit_all_listings']; $edit_canEditAllUsers = $recordSet->fields['userdb_can_edit_all_users']; $edit_canEditSiteConfig = $recordSet->fields['userdb_can_edit_site_config']; $edit_canEditMemberTemplate = $recordSet->fields['userdb_can_edit_member_template']; $edit_canEditAgentTemplate = $recordSet->fields['userdb_can_edit_agent_template']; $edit_canEditListingTemplate = $recordSet->fields['userdb_can_edit_listing_template']; $edit_canExportListings = $recordSet->fields['userdb_can_export_listings']; $edit_canEditListingExpiration = $recordSet->fields['userdb_can_edit_expiration']; $edit_canEditPropertyClasses = $recordSet->fields['userdb_can_edit_property_classes']; $edit_canModerate = $recordSet->fields['userdb_can_moderate']; $edit_canViewLogs = $recordSet->fields['userdb_can_view_logs']; $edit_canVtour = $recordSet->fields['userdb_can_have_vtours']; $edit_canFiles = $recordSet->fields['userdb_can_have_files']; $edit_canUserFiles = $recordSet->fields['userdb_can_have_user_files']; $edit_canFeatureListings = $recordSet->fields['userdb_can_feature_listings']; $edit_canPages = $recordSet->fields['userdb_can_edit_pages']; $edit_BlogPrivileges = $recordSet->fields['userdb_blog_user_type']; $last_modified = $recordSet->UserTimeStamp($recordSet->fields['userdb_last_modified'], $config["date_format_timestamp"]); $edit_canManageAddons = $recordSet->fields['userdb_can_manage_addons']; $recordSet->MoveNext(); } // end while // now, display all that stuff $display .= '<form name="updateUser" action="index.php?action=user_manager&edit=' . $raw_id . '" method="post">'; $display .= '<input type="hidden" name="edit" value="' . $raw_id . '" />'; $display .= '<table class="edit_users"><tr><td>'; $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_name'] . ':</strong></td><td align="left" class="row_main">' . $_POST['edit_user_name'] . '</td></tr>'; $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_first_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_first_name" value="' . $edit_firstname . '" /> '; $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_manager_last_name'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="text" name="user_last_name" value="' . $edit_lastname . '" /> '; $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['last_modified'] . ':</strong></td><td align="left">' . $last_modified . '</td></tr>'; if ($config["demo_mode"] != 1 || $_SESSION['admin_privs'] == 'yes') { $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ': <span class="required">*</span></strong></td><td align="left" class="row_main"> <input type="password" name="edit_user_pass" /></td></tr>'; $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_password'] . ' (' . $lang['again'] . ') <span class="required">*</span></strong> </td><td align="left" class="row_main"> <input type="password" name="edit_user_pass2" /></td></tr>'; } else { $display .= '<input type="hidden" name="edit_user_pass" value="">'; $display .= '<input type="hidden" name="edit_user_pass2" value="">'; } $display .= '<tr><td align="right" class="row_main"><strong>' . $lang['user_email'] . ': <span class="required">*</span></strong><br />' . $lang['email_not_displayed'] . '</td><td align="left" class="row_main"> <input type="text" name="user_email" value="' . $edit_emailAddress . '" /> '; if ($_SESSION['admin_privs'] == 'yes') { // if the user is an admin, they can set additional properties about a given user // is the user active? $display .= "<tr><td align=right><b>{$lang['user_manager_is_user_active']}: </b></td>"; $display .= "<td align=left><select name=\"edit_active\" size=\"1\" "; if ($edit_isAgent == 'yes') { $display .= "onchange=\"listing_change_confirm(this.form.edit_active)\""; } $display .= "><option value=\"{$edit_active}\">{$edit_active}<option value=\"\">-----<option value=\"yes\">yes<option value=\"no\">no</select><input type=\"hidden\" name=\"edit_listing_active\" value=\"\" /></td></tr>"; // is the user an administrator? $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_admin']}: </b></td>"; $display .= "<td align=left>{$edit_isAdmin}</td></tr>"; $display .= "<input type=\"hidden\" name=\"edit_isAdmin\" value=\"" . $edit_isAdmin . "\" />"; // is the user an agent? $display .= "<tr><td align=right><b>{$lang['user_manager_is_an_agent']}: </b></td>"; $display .= "<td align=left>{$edit_isAgent}</td></tr>"; $display .= "<input type=\"hidden\" name=\"edit_isAgent\" value=\"" . $edit_isAgent . "\" />"; if ($edit_isAgent == 'yes' || $edit_isAdmin == 'yes') { // limit # of listings? $display .= '<tr><td align=right><b>' . $lang['user_manager_limitListings'] . ': </b></td>'; $display .= '<td align=left><input id="edit_limitListings" name="edit_limitListings" size="6" value="' . $edit_limitListings . '" /><i>(-1 = Unlimited)</i></td></tr>'; // limit # of featured listings? $display .= '<tr><td align=right><b>' . $lang['user_manager_limitFeaturedListings'] . ': </b></td>'; $display .= '<td align=left><input id="edit_limitFeaturedListings" name="edit_limitFeaturedListings" size="6" value="' . $edit_limitFeaturedListings . '" /><i>(-1 = Unlimited)</i></td></tr>'; // user display order? $display .= '<tr><td align=right><b>' . $lang['user_manager_displayorder'] . ': </b></td>'; $display .= '<td align=left><input id="edit_userRank" name="edit_userRank" size="6" value="' . $edit_userRank . '" /></td></tr>'; } if ($edit_isAgent == 'yes') { // can they edit all listings? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_listings'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditAllListings" name="edit_canEditAllListings" size="1"><option value="' . $edit_canEditAllListings . '">' . $edit_canEditAllListings . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit all users? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_all_users'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditAllUsers" name="edit_canEditAllUsers" size="1"><option value="' . $edit_canEditAllUsers . '">' . $edit_canEditAllUsers . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit site config? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_site_config'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditSiteConfig" name="edit_canEditSiteConfig" size="1"><option value="' . $edit_canEditSiteConfig . '">' . $edit_canEditSiteConfig . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit member templates? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_member_template'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditMemberTemplate" name="edit_canEditMemberTemplate" size="1"><option value="' . $edit_canEditMemberTemplate . '">' . $edit_canEditMemberTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit agent templates? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_agent_template'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditAgentTemplate" name="edit_canEditAgentTemplate" size="1"><option value="' . $edit_canEditAgentTemplate . '">' . $edit_canEditAgentTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit listing templages? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_listing_template'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditListingTemplate" name="edit_canEditListingTemplate" size="1"><option value="' . $edit_canEditListingTemplate . '">' . $edit_canEditListingTemplate . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they edit property classes? $display .= '<tr><td align=right><b>' . $lang['user_editor_can_edit_property_classes'] . ': </b></td>'; $display .= '<td align=left><select id="edit_canEditPropertyClasses" name="edit_canEditPropertyClasses" size="1"><option value="' . $edit_canEditPropertyClasses . '">' . $edit_canEditPropertyClasses . '</option><option value="">-----</option><option value="no">no</option><option value="yes">yes</option></select></td></tr>'; // can they view logs? $display .= "<tr><td align=right><b>{$lang['user_manager_can_view_logs']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canViewLogs\" size=\"1\"><option value=\"{$edit_canViewLogs}\">{$edit_canViewLogs}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they moderate incoming listings? $display .= "<tr><td align=right><b>{$lang['user_manager_is_a_moderator']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canModerate\" size=\"1\"><option value=\"{$edit_canModerate}\">{$edit_canModerate}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they feature listings? $display .= "<tr><td align=right><b>{$lang['user_manager_feature_listings']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canFeatureListings\" size=\"1\"><option value=\"{$edit_canFeatureListings}\">{$edit_canFeatureListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they edit pages? $display .= "<tr><td align=right><b>{$lang['user_manager_can_edit_pages']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canPages\" size=\"1\"><option value=\"{$edit_canPages}\">{$edit_canPages}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they have vtours? $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_vtours']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canVtour\" size=\"1\"><option value=\"{$edit_canVtour}\">{$edit_canVtour}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they have listings files $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_files']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canFiles\" size=\"1\"><option value=\"{$edit_canFiles}\">{$edit_canFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can they have user files $display .= "<tr><td align=right><b>{$lang['user_manager_can_have_user_files']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canUserFiles\" size=\"1\"><option value=\"{$edit_canUserFiles}\">{$edit_canUserFiles}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // can modify expiration? $display .= "<tr><td align=right><b>{$lang['user_editor_can_edit_listing_expiration']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canEditListingExpiration\" size=\"1\"><option value=\"{$edit_canEditListingExpiration}\">{$edit_canEditListingExpiration}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; // Blog Permisisons $display .= "<tr><td align=right><b>{$lang['user_editor_blog_privileges']}: </b></td>"; $display .= "<td align=left><select name=\"edit_BlogPrivileges\" size=\"1\"><option value=\"{$edit_BlogPrivileges}\">{$blog_perm[$edit_BlogPrivileges]}</option><option value=\"\">-----</option>"; foreach ($blog_perm as $perm_key => $perm_value) { $display .= '<option value="' . $perm_key . '">' . $perm_value . '</option>'; } $display .= "</select></td></tr>"; // can access addon manager $display .= "<tr><td align=right><b>{$lang['user_editor_can_manage_addons']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canManageAddons\" size=\"1\"><option value=\"{$edit_canManageAddons}\">{$edit_canManageAddons}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; if ($config["export_listings"] == 1) { // can export listings? $display .= "<tr><td align=right><b>{$lang['user_editor_can_export_listings']}: </b></td>"; $display .= "<td align=left><select name=\"edit_canExportListings\" size=\"1\"><option value=\"{$edit_canExportListings}\">{$edit_canExportListings}</option><option value=\"\">-----</option><option value=\"yes\">yes</option><option value=\"no\">no</option></select></td></tr>"; } else { $display .= '<input type="hidden" name="edit_canExportListings" value="no" />'; } } } // now grab miscellenous debris if ($edit_isAgent == "yes" || $edit_isAdmin == 'yes') { $db_to_use = 'agentformelements'; } else { $db_to_use = 'memberformelements'; } $sql = 'SELECT ' . $db_to_use . '_field_name, userdbelements_field_value, ' . $db_to_use . '_field_type, ' . $db_to_use . '_rank, ' . $db_to_use . '_field_caption, ' . $db_to_use . '_default_text, ' . $db_to_use . '_required, ' . $db_to_use . '_field_elements, ' . $db_to_use . '_tool_tip FROM ' . $config['table_prefix'] . $db_to_use . ' left join ' . $config['table_prefix'] . 'userdbelements on userdbelements_field_name = ' . $db_to_use . '_field_name and userdb_id = ' . $sql_edit . ' ORDER BY ' . $db_to_use . '_rank'; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } while (!$recordSet->EOF) { $field_name = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_name']); $field_value = $misc->make_db_unsafe($recordSet->fields['userdbelements_field_value']); $field_type = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_type']); $field_caption = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_caption']); $default_text = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_default_text']); $field_elements = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_field_elements']); $required = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_required']); $tool_tip = $misc->make_db_unsafe($recordSet->fields[$db_to_use . '_tool_tip']); // pass the data to the function $display .= $forms->renderExistingFormElement($field_type, $field_name, $field_value, $field_caption, $default_text, $required, $field_elements, '', $tool_tip); $recordSet->MoveNext(); } // end while $display .= '<tr><td colspan="2" align="center" class="row_main">' . $lang['required_form_text'] . '</td></tr>'; $display .= '<tr><td colspan="2" align="center" class="row_main"><input type="submit" value="' . $lang['update_button'] . '" />'; $security = login::loginCheck('edit_all_users', true); if ($security === true) { $display .= ' <a href="index.php?action=user_manager&delete=' . $user_id . '" onclick="return confirmDelete(\'' . $lang['delete_user'] . '\')">' . $lang['delete'] . '</a>'; } $display .= '</td></tr></table></form>'; $display .= '</td></tr></table>'; $display .= '</td></tr></table>'; return $display; }