
/src/php/webdeso2/scripts/admin/admin.php

http://ambulances.googlecode.com/
  1. <?php
  2. function show_page() {
  3. global $_GET, $data, $path, $style, $session_id, $header, $default_language, $default_style;
  4. if (isset($data["type"]) && $data["type"] == 2) { //does the user have admin rights?
  5. if (!isset($_GET["act"])) $_GET["act"] = "page";
  6. switch ($_GET["act"]) {
  7. case "userdata": //list of users
  8. $contents = getUserData(1, 1, "");
  9. //echo("test");
  10. header ($header["xml"]);
  11. break;
  12. case "userlist": //user's data
  13. $filename = $path[$style]["tpl"]."/users.xml";
  14. $fp = fopen($filename, "r");
  15. $contents = fread($fp, filesize ($filename));
  16. fclose ($fp);
  17. preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
  18. $rep_cont = "";
  19. $i_max = getMultData("select * from user order by login;", $usersdata);
  20. //User Data
  21. for ($i = 0; $i < $i_max; $i++) {
  22. $tmp_cont = str_replace("%USER_ID%", $usersdata[$i]["user_id"], $matches[1]);
  23. $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);
  24. $tmp_cont = str_replace("%USER_NM%", $usersdata[$i]["lname"].", ".
  25. $usersdata[$i]["fname"]." (".$usersdata[$i]["login"].")", $tmp_cont);
  26. $tmp_cont = str_replace("%USER_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".
  27. $session_id."&amp;uid=".$usersdata[$i]["user_id"], $tmp_cont);
  28. $rep_cont .= $tmp_cont;
  29. }
  30. $contents = str_replace($matches[0], $rep_cont, $contents);
  31. header ($header["xml"]);
  32. break;
  33. case "update": //user's data
  34. $comment = "";
  35. if (isset($_GET["uid"]) && isset($_GET["ufname"]) && isset($_GET["ulname"]) && isset($_GET["ulogin"]) && isset($_GET["utype"])) {
  36. $_GET["ufname"] = utf8Encode($_GET["ufname"]);
  37. $_GET["ulname"] = utf8Encode($_GET["ulname"]);
  38. $_GET["ulogin"] = utf8Encode($_GET["ulogin"]);
  39. $_GET["utype"] = utf8Encode($_GET["utype"]);
  40. /*$tmpfile = fopen("test.txt","w");
  41. foreach ($_GET as $key => $value) {
  42. fwrite($tmpfile, "\nKey: $key; Value: $value");
  43. } */
  44. //$datatmp = null;
  45. /*$tmpfile = fopen("test.txt","w");
  46. $fp = fwrite($tmpfile,$_GET["ulname"]);
  47. fclose($tmpfile);*/
  48. $tmpSQL = "SELECT * FROM user where user_id <> ".
  49. $_GET["uid"]." AND login = '".
  50. $_GET["ulogin"]."';";
  51. /*print ($tmpSQL);
  52. print (getData($tmpSQL, $datatmp));
  53. print " Found: ".$datatmp["user_id"]." ".$datatmp["login"];*/
  54. if ( $_GET["ufname"] == "" || $_GET["ulname"] == "" || $_GET["ulogin"] == "" ||
  55. $_GET["utype"] > 2 || $_GET["utype"] < 0 ||
  56. getData($tmpSQL, $datatmp) > 0 ) {
  57. fwrite($tmpfile, "\nEmpty name!\n");
  58. $comment = getMessage("EmptyName");
  59. } else {
  60. //fwrite($tmpfile, "\nUpdating...\n");
  61. $sql_str = "UPDATE user SET user.login = '".$_GET["ulogin"].
  62. "', user.type = '".$_GET["utype"].
  63. "', user.fname = '".$_GET["ufname"].
  64. "', user.lname = '".$_GET["ulname"].
  65. "' WHERE user.user_id=".$_GET["uid"].";";
  66. insertRecord($sql_str);
  67. }
  68. $contents = getUserData(1, 0, $comment);
  69. //fclose($tmpfile);
  70. }
  71. if (isset($_GET["uid"]) && isset($_GET["upass1"]) && isset($_GET["upass2"])) {
  72. $_GET["upass1"] = utf8Encode($_GET["upass1"]);
  73. $_GET["upass2"] = utf8Encode($_GET["upass2"]);
  74. if ( $_GET["upass1"] == "" || $_GET["upass2"] == "" || $_GET["upass1"] != $_GET["upass2"]) {
  75. $comment = getMessage("NewRePWD");
  76. } else {
  77. $sql_str = "UPDATE user SET user.pwd = '".md5($_GET["upass2"]).
  78. "' WHERE user.user_id=".$_GET["uid"].";";
  79. insertRecord($sql_str);
  80. }
  81. $contents = getUserData(0, 1, $comment);
  82. }
  83. header ($header["xml"]);
  84. break;
  85. case "delete": //user's data
  86. $filename = $path[$style]["tpl"]."/action.xml";
  87. $fp = fopen($filename, "r");
  88. $contents = fread($fp, filesize ($filename));
  89. fclose ($fp);
  90. preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
  91. if (isset($_GET["uid"]) && $_GET["uid"] != $data["user_id"]) {
  92. insertRecord("DELETE FROM user WHERE user_id=".
  93. $_GET["uid"].";");
  94. $contents = str_replace("%SCCSS%", "1", $contents);
  95. }
  96. else {
  97. $contents = str_replace("%SCCSS%", "0", $contents);
  98. }
  99. $contents = str_replace($matches[0], "", $contents);
  100. $contents = str_replace("%ACT_ID%", "Delete", $contents);
  101. $contents = str_replace("%PARENT%", $_GET["uid"], $contents);
  102. header ($header["xml"]);
  103. break;
  104. case "addnew": //user's data
  105. $filename = $path[$style]["tpl"]."/action.xml";
  106. $fp = fopen($filename, "r");
  107. $contents = fread($fp, filesize ($filename));
  108. fclose ($fp);
  109. preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
  110. insertRecord("INSERT INTO user (fname, lname) VALUES('".
  111. $session_id."','".$session_id."');");
  112. if (getData("SELECT user_id FROM user where fname = '".
  113. $session_id."' AND lname = '".$session_id."';", $datatmp) == 1) {
  114. $sql_str = "UPDATE user SET user.login = '".getMessage("Login").
  115. "', user.type = 0, user.fname = '".getMessage("First name").
  116. "', user.lname = '".getMessage("Last name").
  117. "', user.style = '".$default_style.
  118. "', user.lang = ".$default_language.
  119. " WHERE user.user_id=".$datatmp["user_id"].";";
  120. insertRecord($sql_str);
  121. //print ($sql_str);
  122. $contents = str_replace("%SCCSS%", "1", $contents);
  123. }
  124. else {
  125. $contents = str_replace("%SCCSS%", "0", $contents);
  126. $datatmp["user_id"] = 0;
  127. }
  128. $tmp_cont = str_replace("%NODE_ID%", $datatmp["user_id"], $matches[1]);
  129. $tmp_cont = str_replace("%NODE_NM%", getMessage("Last name").", ".
  130. getMessage("First name")." (".getMessage("Login").")", $tmp_cont);
  131. $tmp_cont = str_replace("%NODE_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".
  132. $session_id."&amp;uid=".$datatmp["user_id"], $tmp_cont);
  133. $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);
  134. $contents = str_replace($matches[0], $tmp_cont, $contents);
  135. $contents = str_replace("%ACT_ID%", "Add", $contents);
  136. $contents = str_replace("%PARENT%", "root", $contents);
  137. header ($header["xml"]);
  138. break;
  139. default: //including "page"
  140. $filename = $path[$style]["tpl"]."/admin.htm";
  141. $fp = fopen($filename, "r");
  142. $contents = fread($fp, filesize ($filename));
  143. fclose ($fp);
  144. $contents = str_replace("%ROOT_CSS%", $path[$style]["css"], $contents);
  145. $contents = str_replace("%ROOT_IMG%", $path[$style]["img"], $contents);
  146. $contents = str_replace("%ROOT_JAVA%", $path[$style]["java"], $contents);
  147. $contents = str_replace("%SID%", $session_id, $contents);
  148. $contents = str_replace("%TRG%", "admin", $contents);
  149. $contents = str_replace("%LOGOUT%", getMessage("Logout"), $contents);
  150. $contents = str_replace("%MAINMENU%", getMessage("Main menu"), $contents);
  151. $contents = str_replace("%ADMIN%", getMessage("Administrator"), $contents);
  152. $contents = str_replace("%ADD%", getMessage("Add"), $contents);
  153. $contents = str_replace("%DEL%", getMessage("Delete"), $contents);
  154. $contents = str_replace("%LOAD%", getMessage("Loading"), $contents);
  155. $contents = str_replace("%UNAVAIL%", getMessage("Unavailable"), $contents);
  156. header ($header["html"]);
  157. break;
  158. }
  159. header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
  160. header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
  161. header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
  162. header ("Pragma: no-cache"); // HTTP/1.0
  163. print ($contents);
  164. }
  165. else { //no admin rights
  166. header("Location: index.php?trg=main&sid=".$session_id);
  167. }
  168. }
  169. function getUserData($showdata, $showpassword, $comment) {
  170. global $_GET, $path, $style, $session_id, $data;
  171. $filename = $path[$style]["tpl"]."/userdata.xml";
  172. $fp = fopen($filename, "r");
  173. $contents = fread($fp, filesize ($filename));
  174. fclose ($fp);
  175. preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);
  176. preg_match("/\%REPDAT\%(.*?)\%REPDAT\%/s", $matches[1], $datmatches);
  177. preg_match("/\%REPOPT\%(.*?)\%REPOPT\%/s", $datmatches[1], $optmatches);
  178. $rep_cont = "";
  179. getData("select * from user where user_id=".$_GET["uid"].";", $userdata);
  180. $udata = "";
  181. if ($showdata) { //User data
  182. $contents = str_replace("%NAME%", $userdata["lname"].", ".
  183. $userdata["fname"]." (".$userdata["login"].")", $contents);
  184. //First name
  185. $fname = str_replace($optmatches[0], "", $datmatches[1]);
  186. $fname = str_replace("%TYPE%", "Text", $fname);
  187. $fname = str_replace("%NODE_ID%", "ufname", $fname);
  188. $fname = str_replace("%NODE_TL%", getMessage("First name"), $fname);
  189. $fname = str_replace("%VALUE%", $userdata["fname"], $fname);
  190. //LastName
  191. $lname = str_replace($optmatches[0], "", $datmatches[1]);
  192. $lname = str_replace("%TYPE%", "Text", $lname);
  193. $lname = str_replace("%NODE_ID%", "ulname", $lname);
  194. $lname = str_replace("%NODE_TL%", getMessage("Last name"), $lname);
  195. $lname = str_replace("%VALUE%", $userdata["lname"], $lname);
  196. //Login
  197. $login = str_replace($optmatches[0], "", $datmatches[1]);
  198. $login = str_replace("%TYPE%", "Text", $login);
  199. $login = str_replace("%NODE_ID%", "ulogin", $login);
  200. $login = str_replace("%NODE_TL%", getMessage("Login"), $login);
  201. $login = str_replace("%VALUE%", $userdata["login"], $login);
  202. //Type
  203. if ($_GET["uid"] == $data["user_id"]) { //an admin cannot change his own type
  204. $opt1 = str_replace($optmatches[0], "", $datmatches[1]);
  205. $opt1 = str_replace("%TYPE%", "Hidden", $opt1);
  206. $opt1 = str_replace("%NODE_ID%", "utype", $opt1);
  207. $opt1 = str_replace("%NODE_TL%", "", $opt1);
  208. $opt1 = str_replace("%VALUE%", $userdata["type"], $opt1);
  209. $utype = str_replace($optmatches[0], "", $datmatches[1]);
  210. $utype = str_replace("%TYPE%", "Label", $utype);
  211. $utype = str_replace("%NODE_ID%", "", $utype);
  212. $utype = str_replace("%NODE_TL%", getMessage("Type"), $utype);
  213. switch ($userdata["type"]) { //just in case...
  214. case 2: $utype = str_replace("%VALUE%", getMessage("Admin"), $utype);
  215. case 1: $utype = str_replace("%VALUE%", getMessage("RegUser"), $utype);
  216. default: $utype = str_replace("%VALUE%", getMessage("Guest"), $utype);
  217. }
  218. $utype = $opt1.$utype;
  219. }
  220. else {
  221. //options
  222. $opt1 = str_replace("%OPT_ID%", "1", $optmatches[1]);
  223. $opt1 = str_replace("%OPT_TL%", getMessage("RegUser"), $opt1);
  224. if ($userdata["type"] == 1) $opt1 = str_replace("%SELECTED%", "selected", $opt1);
  225. else $opt1 = str_replace("%SELECTED%", "0", $opt1);
  226. $opt2 = str_replace("%OPT_ID%", "0", $optmatches[1]);
  227. $opt2 = str_replace("%OPT_TL%", getMessage("Guest"), $opt2);
  228. if ($userdata["type"] == 0) $opt2 = str_replace("%SELECTED%", "selected", $opt2);
  229. else $opt2 = str_replace("%SELECTED%", "0", $opt2);
  230. $opt3 = str_replace("%OPT_ID%", "2", $optmatches[1]);
  231. $opt3 = str_replace("%OPT_TL%", getMessage("Admin"), $opt3);
  232. if ($userdata["type"] == 2) $opt3 = str_replace("%SELECTED%", "selected", $opt3);
  233. else $opt3 = str_replace("%SELECTED%", "0", $opt3);
  234. //type
  235. $utype = str_replace($optmatches[0], $opt1.$opt2.$opt3, $datmatches[1]);
  236. $utype = str_replace("%TYPE%", "Option", $utype);
  237. $utype = str_replace("%NODE_ID%", "utype", $utype);
  238. $utype = str_replace("%NODE_TL%", getMessage("Type"), $utype);
  239. }
  240. //Label
  241. $lablttt = str_replace($optmatches[0], "", $datmatches[1]);
  242. $lablttt = str_replace("%TYPE%", "Label", $lablttt);
  243. $lablttt = str_replace("%NODE_ID%", "", $lablttt);
  244. if ($comment != "") $lablttt = str_replace("%NODE_TL%", getMessage("Error"), $lablttt);
  245. else $lablttt = str_replace("%NODE_TL%", "", $lablttt);
  246. //$lablttt = str_replace("%VALUE%", $userdata["type"], $lablttt);
  247. $lablttt = str_replace("%VALUE%", $comment, $lablttt);
  248. //button
  249. $ubutn = str_replace($optmatches[0], "", $datmatches[1]);
  250. $ubutn = str_replace("%TYPE%", "Button", $ubutn);
  251. $ubutn = str_replace("%NODE_ID%", "ubutn", $ubutn);
  252. $ubutn = str_replace("%NODE_TL%", getMessage("Save"), $ubutn);
  253. $ubutn = str_replace("%VALUE%", "'0','ufname','ulname','ulogin','utype'", $ubutn);
  254. //User
  255. $udata = str_replace($datmatches[0], $fname.$lname.$login.$utype.$lablttt.$ubutn, $matches[1]);
  256. $udata = str_replace("%GROUP_ID%", "0", $udata);
  257. $udata = str_replace("%GROUP_TL%", getMessage("User data"), $udata);
  258. //print "****".$udata."****";
  259. }
  260. $updata = "";
  261. if ($showpassword) { //User password
  262. //P1
  263. $upass1 = str_replace($optmatches[0], "", $datmatches[1]);
  264. $upass1 = str_replace("%TYPE%", "Password", $upass1);
  265. $upass1 = str_replace("%NODE_ID%", "upass1", $upass1);
  266. $upass1 = str_replace("%NODE_TL%", getMessage("Password"), $upass1);
  267. $upass1 = str_replace("%VALUE%", "", $upass1);
  268. //P2
  269. $upass2 = str_replace($optmatches[0], "", $datmatches[1]);
  270. $upass2 = str_replace("%TYPE%", "Password", $upass2);
  271. $upass2 = str_replace("%NODE_ID%", "upass2", $upass2);
  272. $upass2 = str_replace("%NODE_TL%", getMessage("RepeatPass"), $upass2);
  273. $upass2 = str_replace("%VALUE%", "", $upass2);
  274. //Label
  275. $labltt = str_replace($optmatches[0], "", $datmatches[1]);
  276. $labltt = str_replace("%TYPE%", "Label", $labltt);
  277. $labltt = str_replace("%NODE_ID%", "", $labltt);
  278. if ($comment != "") $labltt = str_replace("%NODE_TL%", getMessage("Error"), $labltt);
  279. else $labltt = str_replace("%NODE_TL%", "", $labltt);
  280. $labltt = str_replace("%VALUE%", $comment, $labltt);
  281. //button
  282. $ubutn2 = str_replace($optmatches[0], "", $datmatches[1]);
  283. $ubutn2 = str_replace("%TYPE%", "Button", $ubutn2);
  284. $ubutn2 = str_replace("%NODE_ID%", "ubutn2", $ubutn2);
  285. $ubutn2 = str_replace("%NODE_TL%", getMessage("ChangePass"), $ubutn2);
  286. $ubutn2 = str_replace("%VALUE%", "'1','upass1','upass2'", $ubutn2);
  287. $updata = str_replace($datmatches[0], $upass1.$upass2.$labltt.$ubutn2, $matches[1]);
  288. $updata = str_replace("%GROUP_ID%", "1", $updata);
  289. $updata = str_replace("%GROUP_TL%", getMessage("Password"), $updata);
  290. //print "****".$udata."****";
  291. }
  292. return str_replace($matches[0], $udata.$updata, $contents);
  293. }
  294. ?>