/src/php/webdeso2/scripts/admin/admin.php
- <?php
-
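/**
 * Dispatch one request of the administration area and print the response.
 *
 * Visitors whose account type is not 2 (administrator) are redirected to the
 * main page. For administrators the "act" query parameter selects the action:
 *   userdata - editor XML for the user given by "uid" (built by getUserData())
 *   userlist - XML list of all users, ordered by login
 *   update   - save the profile fields and/or a new password of user "uid"
 *   delete   - delete user "uid" (never the logged-in administrator)
 *   addnew   - create a placeholder user and report its id
 *   other    - the HTML shell of the admin page (also the default, "page")
 *
 * Security notes for maintainers:
 *  - getData()/insertRecord() receive finished SQL text, so every request
 *    value is validated (uid, utype) or escaped (free-text fields) here before
 *    it is concatenated. The durable fix is bound parameters inside those
 *    helpers, which are defined outside this file view.
 *  - NOTE(review): new passwords and the session id travel in the query
 *    string, so they can end up in access logs and browser history. Moving
 *    the state-changing actions to POST needs a matching client change.
 *  - NOTE(review): database values are placed into the XML templates without
 *    XML escaping; confirm whether utf8Encode() or the client already encodes
 *    them before adding escaping at the substitution points.
 *
 * Reads the globals $data, $path, $style, $session_id, $header,
 * $default_language and $default_style. Sends headers and prints the body;
 * returns nothing.
 */
function show_page() {
    global $data, $path, $style, $session_id, $header, $default_language, $default_style;

    // Does the user have admin rights? If not, send them back to the main page.
    if (!isset($data["type"]) || $data["type"] != 2) {
        header("Location: index.php?trg=main&sid=".$session_id);
        return;
    }

    if (!isset($_GET["act"])) $_GET["act"] = "page";

    // "uid" is concatenated into SQL as a bare number, so accept decimal
    // digits only. $uid stays null when the parameter is missing or malformed.
    $uid = null;
    if (isset($_GET["uid"])) {
        if (is_scalar($_GET["uid"]) && preg_match('/^[0-9]+\z/', (string) $_GET["uid"])) {
            $uid = (string) $_GET["uid"];
        }
        // getUserData() reads $_GET["uid"] itself, so store the checked value
        // back; "0" is the id this file already uses for "no such user".
        $_GET["uid"] = ($uid === null) ? "0" : $uid;
    }

    switch ($_GET["act"]) {
        case "userdata": // one user's data
            $contents = getUserData(1, 1, "");
            header($header["xml"]);
            break;

        case "userlist": // list of users
            $contents = file_get_contents($path[$style]["tpl"]."/users.xml");

            preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
            $rep_cont = "";
            $i_max = getMultData("select * from user order by login;", $usersdata);

            // One copy of the repeat section per user row.
            for ($i = 0; $i < $i_max; $i++) {
                $row = $usersdata[$i];
                $tmp_cont = str_replace("%USER_ID%", $row["user_id"], $matches[1]);
                $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);
                $tmp_cont = str_replace("%USER_NM%",
                    $row["lname"].", ".$row["fname"]." (".$row["login"].")", $tmp_cont);
                $tmp_cont = str_replace("%USER_LN%",
                    "index.php?trg=admin&act=userdata&sid=".$session_id."&uid=".$row["user_id"], $tmp_cont);
                $rep_cont .= $tmp_cont;
            }
            $contents = str_replace($matches[0], $rep_cont, $contents);
            header($header["xml"]);
            break;

        case "update": // save a user's data
            $comment = "";
            // Stays empty when the request carries neither parameter set.
            $contents = "";

            $has_profile = $uid !== null
                && isset($_GET["ufname"], $_GET["ulname"], $_GET["ulogin"], $_GET["utype"])
                && is_string($_GET["ufname"]) && is_string($_GET["ulname"])
                && is_string($_GET["ulogin"]) && is_string($_GET["utype"]);
            if ($has_profile) {
                $_GET["ufname"] = utf8Encode($_GET["ufname"]);
                $_GET["ulname"] = utf8Encode($_GET["ulname"]);
                $_GET["ulogin"] = utf8Encode($_GET["ulogin"]);
                $_GET["utype"] = utf8Encode($_GET["utype"]);

                // Account type must be exactly 0 (guest), 1 (regular) or 2 (admin).
                $utype_ok = is_string($_GET["utype"])
                    && preg_match('/^[0-2]\z/', $_GET["utype"]) === 1;

                // Stop-gap escaping for the quoted SQL values.
                // NOTE(review): addslashes() assumes a MySQL-style backend with
                // backslash escapes and a single-byte or UTF-8 connection
                // charset, and would double-escape on a legacy runtime with
                // magic_quotes_gpc enabled - confirm both, or move to bound
                // parameters in the database helpers.
                $q_login = addslashes($_GET["ulogin"]);
                $q_fname = addslashes($_GET["ufname"]);
                $q_lname = addslashes($_GET["ulname"]);

                // Is the login already taken by another account?
                $tmpSQL = "SELECT * FROM user where user_id <> ".
                    $uid." AND login = '".
                    $q_login."';";

                if ($_GET["ufname"] == "" || $_GET["ulname"] == "" || $_GET["ulogin"] == "" ||
                    !$utype_ok ||
                    getData($tmpSQL, $datatmp) > 0) {
                    $comment = getMessage("EmptyName");
                } else {
                    $sql_str = "UPDATE user SET user.login = '".$q_login.
                        "', user.type = '".$_GET["utype"].
                        "', user.fname = '".$q_fname.
                        "', user.lname = '".$q_lname.
                        "' WHERE user.user_id=".$uid.";";
                    insertRecord($sql_str);
                }
                $contents = getUserData(1, 0, $comment);
            }

            $has_password = $uid !== null
                && isset($_GET["upass1"], $_GET["upass2"])
                && is_string($_GET["upass1"]) && is_string($_GET["upass2"]);
            if ($has_password) {
                $_GET["upass1"] = utf8Encode($_GET["upass1"]);
                $_GET["upass2"] = utf8Encode($_GET["upass2"]);
                // Strict comparison: with loose "!=" two different numeric-looking
                // passwords such as "1e3" and "1000" would count as a match.
                if ($_GET["upass1"] === "" || $_GET["upass2"] === "" || $_GET["upass1"] !== $_GET["upass2"]) {
                    $comment = getMessage("NewRePWD");
                } else {
                    // NOTE(review): unsalted MD5 is not suitable for password
                    // storage. Switching to password_hash()/password_verify()
                    // needs the same change in the login check, which is not
                    // part of this file view, so the format is kept here.
                    $sql_str = "UPDATE user SET user.pwd = '".md5($_GET["upass2"]).
                        "' WHERE user.user_id=".$uid.";";
                    insertRecord($sql_str);
                }
                $contents = getUserData(0, 1, $comment);
            }
            header($header["xml"]);
            break;

        case "delete": // delete a user
            $contents = file_get_contents($path[$style]["tpl"]."/action.xml");
            preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

            // An administrator may not delete the account he is logged in with.
            if ($uid !== null && $uid != $data["user_id"]) {
                insertRecord("DELETE FROM user WHERE user_id=".$uid.";");
                $contents = str_replace("%SCCSS%", "1", $contents);
            } else {
                $contents = str_replace("%SCCSS%", "0", $contents);
            }

            $contents = str_replace($matches[0], "", $contents);
            $contents = str_replace("%ACT_ID%", "Delete", $contents);
            // Only the validated id is echoed back into the XML response.
            $contents = str_replace("%PARENT%", ($uid === null) ? "" : $uid, $contents);
            header($header["xml"]);
            break;

        case "addnew": // create a user
            $contents = file_get_contents($path[$style]["tpl"]."/action.xml");
            preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

            // The new row is first tagged with the session id in both name
            // columns so that it can be found again and its user_id read back.
            // NOTE(review): where $session_id comes from is not visible here;
            // it is escaped like request data (same addslashes() caveats as in
            // the "update" action).
            $q_sid = addslashes($session_id);
            insertRecord("INSERT INTO user (fname, lname) VALUES('".
                $q_sid."','".$q_sid."');");
            if (getData("SELECT user_id FROM user where fname = '".
                $q_sid."' AND lname = '".$q_sid."';", $datatmp) == 1) {
                // Message texts are escaped too: a translation containing an
                // apostrophe would otherwise break the statement.
                $sql_str = "UPDATE user SET user.login = '".addslashes(getMessage("Login")).
                    "', user.type = 0, user.fname = '".addslashes(getMessage("First name")).
                    "', user.lname = '".addslashes(getMessage("Last name")).
                    "', user.style = '".$default_style.
                    "', user.lang = ".$default_language.
                    " WHERE user.user_id=".((int) $datatmp["user_id"]).";";
                insertRecord($sql_str);
                $contents = str_replace("%SCCSS%", "1", $contents);
            } else {
                $contents = str_replace("%SCCSS%", "0", $contents);
                $datatmp["user_id"] = 0;
            }

            $tmp_cont = str_replace("%NODE_ID%", $datatmp["user_id"], $matches[1]);
            $tmp_cont = str_replace("%NODE_NM%", getMessage("Last name").", ".
                getMessage("First name")." (".getMessage("Login").")", $tmp_cont);
            $tmp_cont = str_replace("%NODE_LN%", "index.php?trg=admin&act=userdata&sid=".
                $session_id."&uid=".$datatmp["user_id"], $tmp_cont);
            $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);

            $contents = str_replace($matches[0], $tmp_cont, $contents);
            $contents = str_replace("%ACT_ID%", "Add", $contents);
            $contents = str_replace("%PARENT%", "root", $contents);
            header($header["xml"]);
            break;

        default: // including "page"
            $contents = file_get_contents($path[$style]["tpl"]."/admin.htm");

            // Placeholders are substituted one after another, in this order.
            $fill = array(
                "%ROOT_CSS%"  => $path[$style]["css"],
                "%ROOT_IMG%"  => $path[$style]["img"],
                "%ROOT_JAVA%" => $path[$style]["java"],
                "%SID%"       => $session_id,
                "%TRG%"       => "admin",
                "%LOGOUT%"    => getMessage("Logout"),
                "%MAINMENU%"  => getMessage("Main menu"),
                "%ADMIN%"     => getMessage("Administrator"),
                "%ADD%"       => getMessage("Add"),
                "%DEL%"       => getMessage("Delete"),
                "%LOAD%"      => getMessage("Loading"),
                "%UNAVAIL%"   => getMessage("Unavailable"),
            );
            foreach ($fill as $tag => $value) {
                $contents = str_replace($tag, $value, $contents);
            }
            header($header["html"]);
            break;
    }

    // Admin responses must never be served from a cache.
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Pragma: no-cache"); // HTTP/1.0
    print($contents);
}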
-
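/**
 * Build the editor XML for the user named by the "uid" query parameter.
 *
 * The template userdata.xml contains a %REPEAT% section (one group), inside it
 * a %REPDAT% section (one field row) and inside that a %REPOPT% section (one
 * option of a select field). The function fills up to two groups and puts
 * them in place of the %REPEAT% section.
 *
 * @param mixed  $showdata     truthy: include the "User data" group
 *                             (first name, last name, login, type, save button)
 * @param mixed  $showpassword truthy: include the "Password" group
 *                             (two password inputs and a change button)
 * @param string $comment      message shown in the label row of each group;
 *                             a non-empty value is titled with the "Error" text
 * @return string the filled template
 *
 * "uid" is concatenated into SQL as a bare number, so anything that is not a
 * run of decimal digits is replaced by "0" before the query is built.
 *
 * NOTE(review): the database values and $comment are placed into the XML
 * without XML escaping; confirm whether they are already encoded when stored
 * (utf8Encode() is not visible here) before adding escaping at this point.
 */
function getUserData($showdata, $showpassword, $comment) {
    global $path, $style, $data;

    $contents = file_get_contents($path[$style]["tpl"]."/userdata.xml");

    preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
    preg_match("/\%REPDAT\%(.*?)\%REPDAT\%/s", $matches[1], $datmatches);
    preg_match("/\%REPOPT\%(.*?)\%REPOPT\%/s", $datmatches[1], $optmatches);

    // Digits only; a missing or malformed id selects no row.
    $uid = "0";
    if (isset($_GET["uid"]) && is_scalar($_GET["uid"])
        && preg_match('/^[0-9]+\z/', (string) $_GET["uid"])) {
        $uid = (string) $_GET["uid"];
    }
    getData("select * from user where user_id=".$uid.";", $userdata);

    // Fall back to empty values when no row was returned.
    $u_fname = isset($userdata["fname"]) ? $userdata["fname"] : "";
    $u_lname = isset($userdata["lname"]) ? $userdata["lname"] : "";
    $u_login = isset($userdata["login"]) ? $userdata["login"] : "";
    $u_type  = isset($userdata["type"])  ? $userdata["type"]  : 0;

    // A field row without its option list, and the placeholders every plain
    // row fills. str_replace() applies the pairs one after another, in order.
    $plain_row = str_replace($optmatches[0], "", $datmatches[1]);
    $row_tags = array("%TYPE%", "%NODE_ID%", "%NODE_TL%", "%VALUE%");

    // Label row carrying $comment; it is the same in both groups.
    $label_title = ($comment != "") ? getMessage("Error") : "";
    $label_row = str_replace($row_tags, array("Label", "", $label_title, $comment), $plain_row);

    $udata = "";
    if ($showdata) { // User data
        $contents = str_replace("%NAME%", $u_lname.", ".
            $u_fname." (".$u_login.")", $contents);

        $fname = str_replace($row_tags,
            array("Text", "ufname", getMessage("First name"), $u_fname), $plain_row);
        $lname = str_replace($row_tags,
            array("Text", "ulname", getMessage("Last name"), $u_lname), $plain_row);
        $login = str_replace($row_tags,
            array("Text", "ulogin", getMessage("Login"), $u_login), $plain_row);

        if ($uid == $data["user_id"]) {
            // An admin cannot change his own type: the value travels in a
            // hidden field and is shown as a read-only label.
            // NOTE(review): this is enforced in the form only; the "update"
            // action accepts any utype for any uid.
            $hidden = str_replace($row_tags,
                array("Hidden", "utype", "", $u_type), $plain_row);

            // Each case ends with break, so exactly one text is chosen.
            switch ($u_type) {
                case 2:
                    $type_text = getMessage("Admin");
                    break;
                case 1:
                    $type_text = getMessage("RegUser");
                    break;
                default:
                    $type_text = getMessage("Guest");
                    break;
            }
            $utype = $hidden.str_replace($row_tags,
                array("Label", "", getMessage("Type"), $type_text), $plain_row);
        } else {
            // Select field; options appear as regular user, guest, admin.
            $choices = array(
                array("1", "RegUser", 1),
                array("0", "Guest", 0),
                array("2", "Admin", 2),
            );
            $options = "";
            foreach ($choices as $choice) {
                $selected = ($u_type == $choice[2]) ? "selected" : "0";
                $options .= str_replace(
                    array("%OPT_ID%", "%OPT_TL%", "%SELECTED%"),
                    array($choice[0], getMessage($choice[1]), $selected),
                    $optmatches[1]);
            }
            $utype = str_replace($optmatches[0], $options, $datmatches[1]);
            $utype = str_replace(
                array("%TYPE%", "%NODE_ID%", "%NODE_TL%"),
                array("Option", "utype", getMessage("Type")),
                $utype);
        }

        // Save button; its value lists the action id and the fields to submit.
        $ubutn = str_replace($row_tags,
            array("Button", "ubutn", getMessage("Save"), "'0','ufname','ulname','ulogin','utype'"),
            $plain_row);

        $udata = str_replace($datmatches[0], $fname.$lname.$login.$utype.$label_row.$ubutn, $matches[1]);
        $udata = str_replace("%GROUP_ID%", "0", $udata);
        $udata = str_replace("%GROUP_TL%", getMessage("User data"), $udata);
    }

    $updata = "";
    if ($showpassword) { // User password
        // Password inputs are always rendered empty.
        $upass1 = str_replace($row_tags,
            array("Password", "upass1", getMessage("Password"), ""), $plain_row);
        $upass2 = str_replace($row_tags,
            array("Password", "upass2", getMessage("RepeatPass"), ""), $plain_row);
        $ubutn2 = str_replace($row_tags,
            array("Button", "ubutn2", getMessage("ChangePass"), "'1','upass1','upass2'"),
            $plain_row);

        $updata = str_replace($datmatches[0], $upass1.$upass2.$label_row.$ubutn2, $matches[1]);
        $updata = str_replace("%GROUP_ID%", "1", $updata);
        $updata = str_replace("%GROUP_TL%", getMessage("Password"), $updata);
    }

    return str_replace($matches[0], $udata.$updata, $contents);
}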
- ?>