PageRenderTime 42ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/src/php/webdeso2/scripts/admin/admin.php

http://ambulances.googlecode.com/
PHP | 313 lines | 262 code | 19 blank | 32 comment | 58 complexity | cc9d374bf98c6a72e5564d2032e4acec MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. function show_page() {

    4. 

  4.   global $_GET, $data, $path, $style, $session_id, $header, $default_language, $default_style;

    5. 

  5.   if (isset($data["type"]) && $data["type"] == 2) { //does the user have admin rights?

    6. 

  6.     if (!isset($_GET["act"])) $_GET["act"] = "page";

    7. 

  7.     switch ($_GET["act"]) {

    8. 

  8.       case "userdata": //list of users

    9. 

  9.         $contents = getUserData(1, 1, "");

    10. 

  10.         //echo("test");

    11. 

  11.         header ($header["xml"]);

    12. 

  12.         break;

    13. 

  13.       case "userlist": //user's data

    14. 

  14.         $filename = $path[$style]["tpl"]."/users.xml";

    15. 

  15.         $fp = fopen($filename, "r");

    16. 

  16.         $contents = fread($fp, filesize ($filename));

    17. 

  17.         fclose ($fp);

    18. 

  18. 

    19. 

  19.         preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

    20. 

  20.         $rep_cont = "";

    21. 

  21.         $i_max = getMultData("select * from user order by login;", $usersdata);

    22. 

  22. 

    23. 

  23.         //User Data

    24. 

  24.         for ($i = 0; $i < $i_max; $i++) {

    25. 

  25.           $tmp_cont = str_replace("%USER_ID%", $usersdata[$i]["user_id"], $matches[1]);

    26. 

  26.           $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);

    27. 

  27.           $tmp_cont = str_replace("%USER_NM%", $usersdata[$i]["lname"].", ".

    28. 

  28.             $usersdata[$i]["fname"]." (".$usersdata[$i]["login"].")", $tmp_cont);

    29. 

  29.           $tmp_cont = str_replace("%USER_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".

    30. 

  30.             $session_id."&amp;uid=".$usersdata[$i]["user_id"], $tmp_cont);

    31. 

  31.           $rep_cont .= $tmp_cont;

    32. 

  32.         }

    33. 

  33.         $contents = str_replace($matches[0], $rep_cont, $contents);

    34. 

  34.         header ($header["xml"]);

    35. 

  35.         break;

    36. 

  36.       case "update": //user's data

    37. 

  37.         $comment = "";

    38. 

  38.         if (isset($_GET["uid"]) && isset($_GET["ufname"]) && isset($_GET["ulname"]) && isset($_GET["ulogin"]) && isset($_GET["utype"])) {

    39. 

  39.           $_GET["ufname"] = utf8Encode($_GET["ufname"]);

    40. 

  40.           $_GET["ulname"] = utf8Encode($_GET["ulname"]);

    41. 

  41.           $_GET["ulogin"] = utf8Encode($_GET["ulogin"]);

    42. 

  42.           $_GET["utype"] = utf8Encode($_GET["utype"]);

    43. 

  43.           /*$tmpfile = fopen("test.txt","w");

    44. 

  44.           foreach ($_GET as $key => $value) {

    45. 

  45.             fwrite($tmpfile, "\nKey: $key; Value: $value");

    46. 

  46.           } */

    47. 

  47.           //$datatmp = null;

    48. 

  48.           /*$tmpfile = fopen("test.txt","w");

    49. 

  49.           $fp = fwrite($tmpfile,$_GET["ulname"]);

    50. 

  50.           fclose($tmpfile);*/

    51. 

  51.           $tmpSQL = "SELECT * FROM user where user_id <> ".

    52. 

  52.               $_GET["uid"]." AND login = '".

    53. 

  53.               $_GET["ulogin"]."';";

    54. 

  54.           /*print ($tmpSQL);

    55. 

  55.           print (getData($tmpSQL, $datatmp));

    56. 

  56.           print " Found: ".$datatmp["user_id"]." ".$datatmp["login"];*/

    57. 

  57.           if ( $_GET["ufname"] == "" || $_GET["ulname"] == "" || $_GET["ulogin"] == "" ||

    58. 

  58.             $_GET["utype"] > 2 || $_GET["utype"] < 0 ||

    59. 

  59.             getData($tmpSQL, $datatmp) > 0 ) {

    60. 

  60.             fwrite($tmpfile, "\nEmpty name!\n");

    61. 

  61.             $comment = getMessage("EmptyName");

    62. 

  62.           } else {

    63. 

  63.             //fwrite($tmpfile, "\nUpdating...\n");

    64. 

  64.             $sql_str = "UPDATE user SET user.login = '".$_GET["ulogin"].

    65. 

  65.               "', user.type = '".$_GET["utype"].

    66. 

  66.               "', user.fname = '".$_GET["ufname"].

    67. 

  67.               "', user.lname = '".$_GET["ulname"].

    68. 

  68.               "' WHERE user.user_id=".$_GET["uid"].";";

    69. 

  69.             insertRecord($sql_str);

    70. 

  70.           }

    71. 

  71.         $contents = getUserData(1, 0, $comment);

    72. 

  72.         //fclose($tmpfile);

    73. 

  73.         }

    74. 

  74.         if (isset($_GET["uid"]) && isset($_GET["upass1"]) && isset($_GET["upass2"])) {

    75. 

  75.           $_GET["upass1"] = utf8Encode($_GET["upass1"]);

    76. 

  76.           $_GET["upass2"] = utf8Encode($_GET["upass2"]);

    77. 

  77.           if ( $_GET["upass1"] == "" || $_GET["upass2"] == "" || $_GET["upass1"] != $_GET["upass2"]) {

    78. 

  78.             $comment = getMessage("NewRePWD");

    79. 

  79.           } else {

    80. 

  80.             $sql_str = "UPDATE user SET user.pwd = '".md5($_GET["upass2"]).

    81. 

  81.               "' WHERE user.user_id=".$_GET["uid"].";";

    82. 

  82.             insertRecord($sql_str);

    83. 

  83.           }

    84. 

  84.         $contents = getUserData(0, 1, $comment);

    85. 

  85.         }

    86. 

  86.         header ($header["xml"]);

    87. 

  87.         break;

    88. 

  88.       case "delete": //user's data

    89. 

  89.         $filename = $path[$style]["tpl"]."/action.xml";

    90. 

  90.         $fp = fopen($filename, "r");

    91. 

  91.         $contents = fread($fp, filesize ($filename));

    92. 

  92.         fclose ($fp);

    93. 

  93.         preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

    94. 

  94. 

    95. 

  95.         if (isset($_GET["uid"]) && $_GET["uid"] != $data["user_id"]) {

    96. 

  96.           insertRecord("DELETE FROM user WHERE user_id=".

    97. 

  97.             $_GET["uid"].";");

    98. 

  98.           $contents = str_replace("%SCCSS%", "1", $contents);

    99. 

  99.         }

    100. 

  100.         else {

    101. 

  101.           $contents = str_replace("%SCCSS%", "0", $contents);

    102. 

  102.         }

    103. 

  103. 

    104. 

  104.         $contents = str_replace($matches[0], "", $contents);

    105. 

  105.         $contents = str_replace("%ACT_ID%", "Delete", $contents);

    106. 

  106.         $contents = str_replace("%PARENT%", $_GET["uid"], $contents);

    107. 

  107.         header ($header["xml"]);

    108. 

  108.         break;

    109. 

  109.       case "addnew": //user's data

    110. 

  110.         $filename = $path[$style]["tpl"]."/action.xml";

    111. 

  111.         $fp = fopen($filename, "r");

    112. 

  112.         $contents = fread($fp, filesize ($filename));

    113. 

  113.         fclose ($fp);

    114. 

  114.         preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

    115. 

  115. 

    116. 

  116.         insertRecord("INSERT INTO user (fname, lname) VALUES('".

    117. 

  117.           $session_id."','".$session_id."');");

    118. 

  118.         if (getData("SELECT user_id FROM user where fname = '".

    119. 

  119.           $session_id."' AND lname = '".$session_id."';", $datatmp) == 1) {

    120. 

  120.           $sql_str = "UPDATE user SET user.login = '".getMessage("Login").

    121. 

  121.             "', user.type = 0, user.fname = '".getMessage("First name").

    122. 

  122.             "', user.lname = '".getMessage("Last name").

    123. 

  123.             "', user.style = '".$default_style.

    124. 

  124.             "', user.lang = ".$default_language.

    125. 

  125.             " WHERE user.user_id=".$datatmp["user_id"].";";

    126. 

  126.           insertRecord($sql_str);

    127. 

  127.           //print ($sql_str);

    128. 

  128.           $contents = str_replace("%SCCSS%", "1", $contents);

    129. 

  129.         }

    130. 

  130.         else {

    131. 

  131.           $contents = str_replace("%SCCSS%", "0", $contents);

    132. 

  132.           $datatmp["user_id"] = 0;

    133. 

  133.         }

    134. 

  134. 

    135. 

  135.         $tmp_cont = str_replace("%NODE_ID%", $datatmp["user_id"], $matches[1]);

    136. 

  136.         $tmp_cont = str_replace("%NODE_NM%", getMessage("Last name").", ".

    137. 

  137.           getMessage("First name")." (".getMessage("Login").")", $tmp_cont);

    138. 

  138.         $tmp_cont = str_replace("%NODE_LN%", "index.php?trg=admin&amp;act=userdata&amp;sid=".

    139. 

  139.           $session_id."&amp;uid=".$datatmp["user_id"], $tmp_cont);

    140. 

  140.         $tmp_cont = str_replace("%IMG_TYPE%", "user", $tmp_cont);

    141. 

  141. 

    142. 

  142.         $contents = str_replace($matches[0], $tmp_cont, $contents);

    143. 

  143.         $contents = str_replace("%ACT_ID%", "Add", $contents);

    144. 

  144.         $contents = str_replace("%PARENT%", "root", $contents);

    145. 

  145.         header ($header["xml"]);

    146. 

  146.         break;

    147. 

  147.       default: //including "page"

    148. 

  148.         $filename = $path[$style]["tpl"]."/admin.htm";

    149. 

  149.         $fp = fopen($filename, "r");

    150. 

  150.         $contents = fread($fp, filesize ($filename));

    151. 

  151.         fclose ($fp);

    152. 

  152. 

    153. 

  153.         $contents = str_replace("%ROOT_CSS%", $path[$style]["css"], $contents);

    154. 

  154.         $contents = str_replace("%ROOT_IMG%", $path[$style]["img"], $contents);

    155. 

  155.         $contents = str_replace("%ROOT_JAVA%", $path[$style]["java"], $contents);

    156. 

  156. 

    157. 

  157.         $contents = str_replace("%SID%", $session_id, $contents);

    158. 

  158.         $contents = str_replace("%TRG%", "admin", $contents);

    159. 

  159. 

    160. 

  160.         $contents = str_replace("%LOGOUT%", getMessage("Logout"), $contents);

    161. 

  161.         $contents = str_replace("%MAINMENU%", getMessage("Main menu"), $contents);

    162. 

  162.         $contents = str_replace("%ADMIN%", getMessage("Administrator"), $contents);

    163. 

  163.         $contents = str_replace("%ADD%", getMessage("Add"), $contents);

    164. 

  164.         $contents = str_replace("%DEL%", getMessage("Delete"), $contents);

    165. 

  165.         $contents = str_replace("%LOAD%", getMessage("Loading"), $contents);

    166. 

  166.         $contents = str_replace("%UNAVAIL%", getMessage("Unavailable"), $contents);

    167. 

  167.         header ($header["html"]);

    168. 

  168.         break;

    169. 

  169.     }

    170. 

  170.     header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past

    171. 

  171.     header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified

    172. 

  172.     header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1

    173. 

  173.     header ("Pragma: no-cache");                          // HTTP/1.0

    174. 

  174.     print ($contents);

    175. 

  175.   }

    176. 

  176.   else { //no admin rights

    177. 

  177.     header("Location: index.php?trg=main&sid=".$session_id);

    178. 

  178.   }

    179. 

  179. }

    180. 

  180. 

    181. 

  181. function getUserData($showdata, $showpassword, $comment) {

    182. 

  182.   global $_GET, $path, $style, $session_id, $data;

    183. 

  183.   $filename = $path[$style]["tpl"]."/userdata.xml";

    184. 

  184.   $fp = fopen($filename, "r");

    185. 

  185.   $contents = fread($fp, filesize ($filename));

    186. 

  186.   fclose ($fp);

    187. 

  187. 

    188. 

  188.   preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches);

    189. 

  189.   preg_match("/\%REPDAT\%(.*?)\%REPDAT\%/s", $matches[1], $datmatches);

    190. 

  190.   preg_match("/\%REPOPT\%(.*?)\%REPOPT\%/s", $datmatches[1], $optmatches);

    191. 

  191.   $rep_cont = "";

    192. 

  192.   getData("select * from user where user_id=".$_GET["uid"].";", $userdata);

    193. 

  193. 

    194. 

  194.   $udata = "";

    195. 

  195.   if ($showdata) {  //User data

    196. 

  196.     $contents = str_replace("%NAME%", $userdata["lname"].", ".

    197. 

  197.             $userdata["fname"]." (".$userdata["login"].")", $contents);

    198. 

  198.     //First name

    199. 

  199.     $fname = str_replace($optmatches[0], "", $datmatches[1]);

    200. 

  200.     $fname = str_replace("%TYPE%", "Text", $fname);

    201. 

  201.     $fname = str_replace("%NODE_ID%", "ufname", $fname);

    202. 

  202.     $fname = str_replace("%NODE_TL%", getMessage("First name"), $fname);

    203. 

  203.     $fname = str_replace("%VALUE%", $userdata["fname"], $fname);

    204. 

  204.     //LastName

    205. 

  205.     $lname = str_replace($optmatches[0], "", $datmatches[1]);

    206. 

  206.     $lname = str_replace("%TYPE%", "Text", $lname);

    207. 

  207.     $lname = str_replace("%NODE_ID%", "ulname", $lname);

    208. 

  208.     $lname = str_replace("%NODE_TL%", getMessage("Last name"), $lname);

    209. 

  209.     $lname = str_replace("%VALUE%", $userdata["lname"], $lname);

    210. 

  210.     //Login

    211. 

  211.     $login = str_replace($optmatches[0], "", $datmatches[1]);

    212. 

  212.     $login = str_replace("%TYPE%", "Text", $login);

    213. 

  213.     $login = str_replace("%NODE_ID%", "ulogin", $login);

    214. 

  214.     $login = str_replace("%NODE_TL%", getMessage("Login"), $login);

    215. 

  215.     $login = str_replace("%VALUE%", $userdata["login"], $login);

    216. 

  216.     //Type

    217. 

  217.     if ($_GET["uid"] == $data["user_id"]) {  //an admin cannot change his own type

    218. 

  218.       $opt1 = str_replace($optmatches[0], "", $datmatches[1]);

    219. 

  219.       $opt1 = str_replace("%TYPE%", "Hidden", $opt1);

    220. 

  220.       $opt1 = str_replace("%NODE_ID%", "utype", $opt1);

    221. 

  221.       $opt1 = str_replace("%NODE_TL%", "", $opt1);

    222. 

  222.       $opt1 = str_replace("%VALUE%", $userdata["type"], $opt1);

    223. 

  223.       $utype = str_replace($optmatches[0], "", $datmatches[1]);

    224. 

  224.       $utype = str_replace("%TYPE%", "Label", $utype);

    225. 

  225.       $utype = str_replace("%NODE_ID%", "", $utype);

    226. 

  226.       $utype = str_replace("%NODE_TL%", getMessage("Type"), $utype);

    227. 

  227.       switch ($userdata["type"]) {  //just in case...

    228. 

  228.         case 2: $utype = str_replace("%VALUE%", getMessage("Admin"), $utype);

    229. 

  229.         case 1: $utype = str_replace("%VALUE%", getMessage("RegUser"), $utype);

    230. 

  230.         default: $utype = str_replace("%VALUE%", getMessage("Guest"), $utype);

    231. 

  231.       }

    232. 

  232.       $utype = $opt1.$utype;

    233. 

  233.     }

    234. 

  234.     else {

    235. 

  235.       //options

    236. 

  236.       $opt1 = str_replace("%OPT_ID%", "1", $optmatches[1]);

    237. 

  237.       $opt1 = str_replace("%OPT_TL%", getMessage("RegUser"), $opt1);

    238. 

  238.       if ($userdata["type"] == 1) $opt1 = str_replace("%SELECTED%", "selected", $opt1);

    239. 

  239.       else $opt1 = str_replace("%SELECTED%", "0", $opt1);

    240. 

  240. 

    241. 

  241.       $opt2 = str_replace("%OPT_ID%", "0", $optmatches[1]);

    242. 

  242.       $opt2 = str_replace("%OPT_TL%", getMessage("Guest"), $opt2);

    243. 

  243.       if ($userdata["type"] == 0) $opt2 = str_replace("%SELECTED%", "selected", $opt2);

    244. 

  244.       else $opt2 = str_replace("%SELECTED%", "0", $opt2);

    245. 

  245. 

    246. 

  246.       $opt3 = str_replace("%OPT_ID%", "2", $optmatches[1]);

    247. 

  247.       $opt3 = str_replace("%OPT_TL%", getMessage("Admin"), $opt3);

    248. 

  248.       if ($userdata["type"] == 2) $opt3 = str_replace("%SELECTED%", "selected", $opt3);

    249. 

  249.       else $opt3 = str_replace("%SELECTED%", "0", $opt3);

    250. 

  250.       //type

    251. 

  251.       $utype = str_replace($optmatches[0], $opt1.$opt2.$opt3, $datmatches[1]);

    252. 

  252.       $utype = str_replace("%TYPE%", "Option", $utype);

    253. 

  253.       $utype = str_replace("%NODE_ID%", "utype", $utype);

    254. 

  254.       $utype = str_replace("%NODE_TL%", getMessage("Type"), $utype);

    255. 

  255.     }

    256. 

  256.     //Label

    257. 

  257.     $lablttt = str_replace($optmatches[0], "", $datmatches[1]);

    258. 

  258.     $lablttt = str_replace("%TYPE%", "Label", $lablttt);

    259. 

  259.     $lablttt = str_replace("%NODE_ID%", "", $lablttt);

    260. 

  260.     if ($comment != "") $lablttt = str_replace("%NODE_TL%", getMessage("Error"), $lablttt);

    261. 

  261.     else $lablttt = str_replace("%NODE_TL%", "", $lablttt);

    262. 

  262.     //$lablttt = str_replace("%VALUE%", $userdata["type"], $lablttt);

    263. 

  263.     $lablttt = str_replace("%VALUE%", $comment, $lablttt);

    264. 

  264.     //button

    265. 

  265.     $ubutn = str_replace($optmatches[0], "", $datmatches[1]);

    266. 

  266.     $ubutn = str_replace("%TYPE%", "Button", $ubutn);

    267. 

  267.     $ubutn = str_replace("%NODE_ID%", "ubutn", $ubutn);

    268. 

  268.     $ubutn = str_replace("%NODE_TL%", getMessage("Save"), $ubutn);

    269. 

  269.     $ubutn = str_replace("%VALUE%", "'0','ufname','ulname','ulogin','utype'", $ubutn);

    270. 

  270.     //User

    271. 

  271.     $udata = str_replace($datmatches[0], $fname.$lname.$login.$utype.$lablttt.$ubutn, $matches[1]);

    272. 

  272.     $udata = str_replace("%GROUP_ID%", "0", $udata);

    273. 

  273.     $udata = str_replace("%GROUP_TL%", getMessage("User data"), $udata);

    274. 

  274.     //print "****".$udata."****";

    275. 

  275.   }

    276. 

  276. 

    277. 

  277.   $updata = "";

    278. 

  278.   if ($showpassword) {  //User password

    279. 

  279.     //P1

    280. 

  280.     $upass1 = str_replace($optmatches[0], "", $datmatches[1]);

    281. 

  281.     $upass1 = str_replace("%TYPE%", "Password", $upass1);

    282. 

  282.     $upass1 = str_replace("%NODE_ID%", "upass1", $upass1);

    283. 

  283.     $upass1 = str_replace("%NODE_TL%", getMessage("Password"), $upass1);

    284. 

  284.     $upass1 = str_replace("%VALUE%", "", $upass1);

    285. 

  285.     //P2

    286. 

  286.     $upass2 = str_replace($optmatches[0], "", $datmatches[1]);

    287. 

  287.     $upass2 = str_replace("%TYPE%", "Password", $upass2);

    288. 

  288.     $upass2 = str_replace("%NODE_ID%", "upass2", $upass2);

    289. 

  289.     $upass2 = str_replace("%NODE_TL%", getMessage("RepeatPass"), $upass2);

    290. 

  290.     $upass2 = str_replace("%VALUE%", "", $upass2);

    291. 

  291.     //Label

    292. 

  292.     $labltt = str_replace($optmatches[0], "", $datmatches[1]);

    293. 

  293.     $labltt = str_replace("%TYPE%", "Label", $labltt);

    294. 

  294.     $labltt = str_replace("%NODE_ID%", "", $labltt);

    295. 

  295.     if ($comment != "") $labltt = str_replace("%NODE_TL%", getMessage("Error"), $labltt);

    296. 

  296.     else $labltt = str_replace("%NODE_TL%", "", $labltt);

    297. 

  297.     $labltt = str_replace("%VALUE%", $comment, $labltt);

    298. 

  298.     //button

    299. 

  299.     $ubutn2 = str_replace($optmatches[0], "", $datmatches[1]);

    300. 

  300.     $ubutn2 = str_replace("%TYPE%", "Button", $ubutn2);

    301. 

  301.     $ubutn2 = str_replace("%NODE_ID%", "ubutn2", $ubutn2);

    302. 

  302.     $ubutn2 = str_replace("%NODE_TL%", getMessage("ChangePass"), $ubutn2);

    303. 

  303.     $ubutn2 = str_replace("%VALUE%", "'1','upass1','upass2'", $ubutn2);

    304. 

  304. 

    305. 

  305.     $updata = str_replace($datmatches[0], $upass1.$upass2.$labltt.$ubutn2, $matches[1]);

    306. 

  306.     $updata = str_replace("%GROUP_ID%", "1", $updata);

    307. 

  307.     $updata = str_replace("%GROUP_TL%", getMessage("Password"), $updata);

    308. 

  308.     //print "****".$udata."****";

    309. 

  309.   }

    310. 

  310. 

    311. 

  311.   return str_replace($matches[0], $udata.$updata, $contents);

    312. 

  312. }

    313. 

  313. ?>
    314.