PageRenderTime 48ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/user_view.php

http://candydolldb.googlecode.com/
PHP | 340 lines | 287 code | 50 blank | 3 comment | 75 complexity | aca7397f9b761797a4240aa6849a7cf8 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. include('cd.php');
    4. 

  4. $CurrentUser = Authentication::Authenticate();
    5. 

  5. HTMLstuff::RefererRegister($_SERVER['REQUEST_URI']);
    6. 

  6. 

  7. $UserID = Utils::SafeIntFromQS('user_id');
    8. 

  8. $DeleteUser = (array_key_exists('cmd', $_GET) && $_GET['cmd'] && ($_GET['cmd'] == COMMAND_DELETE));
    9. 

  9. 

  10. $_SESSION['UserSalt'] = NULL;
    11. 

  11. $PasswordError = FALSE;
    12. 

  12. $LanguageOptions = NULL;
    13. 

  13. $DateFormatOptions = NULL;
    14. 

  14. $RightsCheckboxes = NULL;
    15. 

  15. 

  16. $DisableControls =
    17. 

  17. 	$DeleteUser ||
    18. 

  18. 	($UserID == $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT)) ||
    19. 

  19. 	($UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_EDIT) && !is_null($UserID)) ||
    20. 

  20. 	($UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_ADD) && is_null($UserID));
    21. 

  21. 

  22. $DisableDefaultButton =
    23. 

  23. 	($UserID == $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT)) ||	
    24. 

  24. 	($UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_DELETE) && !is_null($UserID) && $DeleteUser) ||
    25. 

  25. 	($UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_EDIT) && !is_null($UserID) && !$DeleteUser) ||
    26. 

  26. 	($UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_ADD) && is_null($UserID));
    27. 

  27. 

  28. $DisableRights = 
    29. 

  29. 	$DeleteUser ||
    30. 

  30. 	(!$CurrentUser->hasPermission(RIGHT_USER_RIGHTS) && !is_null($UserID));
    31. 

  31. 

  32. /* @var $User User */
    33. 

  33. if($UserID)
    34. 

  34. {
    35. 

  35. 	$Users = User::GetUsers(new UserSearchParameters($UserID));
    36. 

  36. 

  37. 	if($Users)
    38. 

  38. 	{ $User = $Users[0]; }
    39. 

  39. 	else
    40. 

  40. 	{
    41. 

  41. 		header('location:index.php');
    42. 

  42. 		exit;
    43. 

  43. 	}
    44. 

  44. 	
    45. 

  45. 	$_SESSION['UserSalt'] = $User->getSalt();
    46. 

  46. }
    47. 

  47. else
    48. 

  48. {
    49. 

  49. 	$User = new User(NULL, $lang->g('LabelNewUser'));
    50. 

  50. }
    51. 

  51. 

  52. if(array_key_exists('hidAction', $_POST) && $_POST['hidAction'] == 'UserView')
    53. 

  53. {
    54. 

  54. 	if(array_key_exists('txtUserName', $_POST))
    55. 

  55. 	{
    56. 

  56. 		$User->setUserName(Utils::NullIfEmpty($_POST['txtUserName']));
    57. 

  57. 	}
    58. 

  58. 	
    59. 

  59. 	if(array_key_exists('hidPassword', $_POST))
    60. 

  60. 	{
    61. 

  61. 		$User->setPassword(Utils::NullIfEmpty($_POST['hidPassword']));
    62. 

  62. 		$User->setSalt(Utils::NullIfEmpty($_SESSION['UserSalt']));
    63. 

  63. 	}
    64. 

  64. 

  65. 	$User->setFirstName(Utils::NullIfEmpty($_POST['txtFirstName']));
    66. 

  66. 	$User->setInsertion(Utils::NullIfEmpty($_POST['txtInsertion']));
    67. 

  67. 	$User->setLastName(Utils::NullIfEmpty($_POST['txtLastName']));
    68. 

  68. 	$User->setEmailAddress(Utils::NullIfEmpty($_POST['txtEmailAddress']));
    69. 

  69. 	$User->setLanguage(Utils::NullIfEmpty($_POST['selectLanguage']));
    70. 

  70. 	$User->setDateDisplayOptions($_POST['selectDateformat']);
    71. 

  71. 	$User->setImageview(Utils::NullIfEmpty($_POST['selectImageview']));
    72. 

  72. 

  73. 	if($CurrentUser->hasPermission(RIGHT_USER_RIGHTS))
    74. 

  74. 	{
    75. 

  75. 		$getrights = array();
    76. 

  76. 		foreach(Rights::getDefinedRights() as $k => $v)
    77. 

  77. 		{
    78. 

  78. 			if(array_key_exists('chk'.$k, $_POST))
    79. 

  79. 			{ $getrights[] = $v; }
    80. 

  80. 		}
    81. 

  81. 		$User->setRights($getrights);
    82. 

  82. 	}
    83. 

  83. 

  84. 	if(array_key_exists('radGender', $_POST))
    85. 

  85. 	{
    86. 

  86. 		switch (intval($_POST['radGender']))
    87. 

  87. 		{
    88. 

  88. 			case GENDER_FEMALE:
    89. 

  89. 				$User->setGender(GENDER_FEMALE);
    90. 

  90. 				break;
    91. 

  91. 			case GENDER_MALE:
    92. 

  92. 				$User->setGender(GENDER_MALE);
    93. 

  93. 				break;
    94. 

  94. 			default:
    95. 

  95. 			case GENDER_UNKNOWN:
    96. 

  96. 				$User->setGender(GENDER_UNKNOWN);
    97. 

  97. 				break;
    98. 

  98. 		}
    99. 

  99. 	}
    100. 

  100. 	else
    101. 

  101. 	{ $User->setGender(GENDER_UNKNOWN); }
    102. 

  102. 

  103. 	if(array_key_exists('txtPassword', $_POST) && $_POST['txtPassword'])
    104. 

  104. 	{
    105. 

  105. 		if($_POST['txtRepeatPassword'] && $_POST['txtRepeatPassword'] == $_POST['txtPassword'])
    106. 

  106. 		{
    107. 

  107. 			$NewSalt = Utils::GenerateGarbage(20);
    108. 

  108. 			$_SESSION['UserSalt'] = $NewSalt;
    109. 

  109. 			$User->setSalt($NewSalt);
    110. 

  110. 			$User->setPassword(Utils::HashString($_POST['txtPassword'], $NewSalt));
    111. 

  111. 		}
    112. 

  112. 		else
    113. 

  113. 		{ $PasswordError = TRUE; }
    114. 

  114. 	}
    115. 

  115. 

  116. 	if($_POST['txtBirthDate'] && $_POST['txtBirthDate'] != 'YYYY-MM-DD' && strtotime($_POST['txtBirthDate']) !== FALSE)
    117. 

  117. 	{ $User->setBirthDate(strtotime($_POST['txtBirthDate'])); }
    118. 

  118. 	else
    119. 

  119. 	{ $User->setBirthDate(-1); }
    120. 

  120. 	
    121. 

  121. 	if(!$PasswordError || $DeleteUser)
    122. 

  122. 	{
    123. 

  123. 		if(Utils::ValidateEmail($User->getEmailAddress()) || $DeleteUser)
    124. 

  124. 		{
    125. 

  125. 			if($User->getID())
    126. 

  126. 			{
    127. 

  127. 				if($DeleteUser)
    128. 

  128. 				{
    129. 

  129. 				    if(User::Delete($User, $CurrentUser))
    130. 

  130. 				    {
    131. 

  131. 				    	session_regenerate_id(TRUE);
    132. 

  132. 				    	header('location:user.php');
    133. 

  133. 				    	exit;
    134. 

  134. 				    }
    135. 

  135. 				}
    136. 

  136. 				else
    137. 

  137. 				{
    138. 

  138. 				    if(User::Update($User, $CurrentUser))
    139. 

  139. 				    {
    140. 

  140. 				    	if($User->getID() == $CurrentUser->getID())
    141. 

  141. 				    	{ $_SESSION['CurrentUser'] = serialize($User); }
    142. 

  142. 				    	
    143. 

  143. 				    	session_regenerate_id(TRUE);
    144. 

  144. 				    	header('location:user.php');
    145. 

  145. 				    	exit;
    146. 

  146. 				    }
    147. 

  147. 				}
    148. 

  148. 			}
    149. 

  149. 			else
    150. 

  150. 			{
    151. 

  151. 				if(User::Insert($User, $CurrentUser))
    152. 

  152. 				{
    153. 

  153. 					session_regenerate_id(TRUE);
    154. 

  154. 					header('location:user.php');
    155. 

  155. 					exit;
    156. 

  156. 				}
    157. 

  157. 			}
    158. 

  158. 		}
    159. 

  159. 		else
    160. 

  160. 		{
    161. 

  161. 			$e = new SyntaxError(SYNTAX_ERR_EMAILADDRESS);
    162. 

  162. 			Error::AddError($e);
    163. 

  163. 		}
    164. 

  164. 	}
    165. 

  165. 	else
    166. 

  166. 	{
    167. 

  167. 		$e = new LoginError(LOGIN_ERR_PASSWORDSNOTIDENTICAL);
    168. 

  168. 		Error::AddError($e);
    169. 

  169. 	}
    170. 

  170. }
    171. 

  171. 

  172. foreach (i18n::$SupportedLanguages as $l){
    173. 

  173. 	$LanguageOptions .= sprintf("
    174. 

  174. 		<option value=\"%1\$s\"%2\$s>%3\$s%4\$s</option>",
    175. 

  175. 		$l,
    176. 

  176. 		HTMLstuff::SelectedStr($User->getLanguage() == $l),
    177. 

  177. 		$lang->g('LabelLanguage_'.$l),
    178. 

  178. 		$l == 'en' ? $lang->g('LabelSuffixDefault') : NULL
    179. 

  179. 	);
    180. 

  180. }
    181. 

  181. 

  182. foreach($DateStyleArray as $index => $format)
    183. 

  183. {
    184. 

  184. 	$DateFormatOptions .= sprintf("
    185. 

  185. 		<option value=\"%1\$d\"%2\$s>%3\$s%4\$s</option>",
    186. 

  186. 		$index,
    187. 

  187. 		HTMLstuff::SelectedStr($User->getDateDisplayOptions() == $index),
    188. 

  188. 		date($format),
    189. 

  189. 		$index == 0 ? $lang->g('LabelSuffixDefault') : NULL
    190. 

  190. 	);
    191. 

  191. }
    192. 

  192. 

  193. foreach(Rights::getDefinedRights() as $k => $v)
    194. 

  194. {
    195. 

  195. 	$RightsCheckboxes .= sprintf("<li>
    196. 

  196. 		<label for=\"chk%1\$s\" class=\"Radio\">
    197. 

  197. 			<input type=\"checkbox\" id=\"chk%1\$s\" name=\"chk%1\$s\"%3\$s%4\$s />
    198. 

  198. 			&nbsp;%2\$s
    199. 

  199. 		</label></li>",
    200. 

  200. 		$k,
    201. 

  201. 		$lang->g('Label'.$k),
    202. 

  202. 		HTMLstuff::CheckedStr($User->hasPermission($v)),
    203. 

  203. 		HTMLstuff::DisabledStr($DisableRights)
    204. 

  204. 	);
    205. 

  205. }
    206. 

  206. 

  207. echo HTMLstuff::HtmlHeader($User->GetFullName(), $CurrentUser);
    208. 

  208. ?>
    209. 

  209. 

  210. <script type="text/javascript">
    211. 

  211. //<![CDATA[
    212. 

  212. 

  213. function ToggleBoxes(){
    214. 

  214. 	$('input[id^=chkRIGHT_]').each(function(i, a){
    215. 

  215. 		$(a).attr('checked', !$(a).attr('checked')); 
    216. 

  216. 	});
    217. 

  217. 	return true;
    218. 

  218. }
    219. 

  219. 

  220. //]]>
    221. 

  221. </script>
    222. 

  222. 

  223. <h2><?php echo sprintf('<a href="index.php">%3$s</a> - <a href="user.php">%2$s</a> - %1$s',
    224. 

  224. 	htmlentities($User->getUserName()),
    225. 

  225. 	$lang->g('NavigationUsers'),
    226. 

  226. 	$lang->g('NavigationHome')
    227. 

  227. )?></h2>
    228. 

  228. 

  229. <form action="<?php echo htmlentities($_SERVER['REQUEST_URI'])?>" method="post">
    230. 

  230. <fieldset>
    231. 

  231. 

  232. <input type="hidden" id="hidAction" name="hidAction" value="UserView" />
    233. 

  233. <input type="hidden" id="hidPassword" name="hidPassword" value="<?php echo $User->getPassword()?>" />
    234. 

  234. 

  235. <?php if(
    236. 

  236. 	($CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT) && $User->getID() == $CurrentUser->getID())
    237. 

  237. 	|| $CurrentUser->hasPermission(RIGHT_USER_EDIT)
    238. 

  238. 	|| is_null($User->getID())){ ?>
    239. 

  239. 

  240. <div class="FormRow">
    241. 

  241. <label for="txtUserName"><?php echo $lang->g('LabelUsername')?>: <em>*</em></label>
    242. 

  242. <input type="text" id="txtUserName" name="txtUserName" maxlength="50" value="<?php echo $User->getUserName()?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    243. 

  243. </div>
    244. 

  244. 

  245. <?php if(
    246. 

  246. 	($CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT) && $CurrentUser->hasPermission(RIGHT_ACCOUNT_PASSWORD) && $User->getID() == $CurrentUser->getID())
    247. 

  247. 	|| $CurrentUser->hasPermission(RIGHT_USER_EDIT)
    248. 

  248. 	|| is_null($User->getID())){ ?>
    249. 

  249. 

  250. <div class="FormRow">
    251. 

  251. <label for="txtPassword"><?php echo $lang->g('LabelPassword')?>:<?php echo $UserID ? '' : ' <em>*</em>'?></label>
    252. 

  252. <input type="password" id="txtPassword" name="txtPassword" maxlength="100" value=""<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    253. 

  253. <input type="button" id="btnGenerate" name="btnGenerate" value="<?php echo $lang->g('ButtonGenerate')?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> onclick="$.get('ajax_genpass.php', function(data){$('#txtGenerated, #txtPassword, #txtRepeatPassword').val(data);});" />
    254. 

  254. <input type="text" id="txtGenerated" name="txtGenerated" class="Small" readonly="readonly" maxlength="10" value=""<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    255. 

  255. </div>
    256. 

  256. 

  257. <div class="FormRow">
    258. 

  258. <label for="txtRepeatPassword"><?php echo $lang->g('LabelRepeatPassword')?>:<?php echo $UserID ? '' : ' <em>*</em>'?></label>
    259. 

  259. <input type="password" id="txtRepeatPassword" name="txtRepeatPassword" maxlength="100" value=""<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    260. 

  260. </div>
    261. 

  261. 

  262. <?php } ?>
    263. 

  263. 

  264. <?php } ?>
    265. 

  265. 

  266. <div class="FormRow">
    267. 

  267. <label for="selectLanguage"><?php echo $lang->g('LabelLanguage')?>:</label>
    268. 

  268. <select id="selectLanguage" name="selectLanguage"<?php echo HTMLstuff::DisabledStr($DisableControls)?>><?php echo $LanguageOptions ?></select>
    269. 

  269. </div>
    270. 

  270. 

  271. <div class="FormRow">
    272. 

  272. <label for="selectDateformat"><?php echo $lang->g('LabelSelectDateFormat')?>:</label>
    273. 

  273. <select id="selectDateformat" name="selectDateformat"<?php echo HTMLstuff::DisabledStr($DisableControls)?>><?php echo $DateFormatOptions ?></select>
    274. 

  274. </div>
    275. 

  275. 

  276. <div class="FormRow">
    277. 

  277. <label for="selectImageview"><?php echo $lang->g('LabelSelectImageFormat')?>:</label>
    278. 

  278. <select id="selectImageview" name="selectImageview"<?php echo HTMLstuff::DisabledStr($DisableControls)?>>
    279. 

  279. <option value="detail" <?php echo $User->getImageview() == 'detail' ? ' selected="selected"' : NULL ?>><?php echo $lang->g('LabelViewModeDetail').$lang->g('LabelSuffixDefault')?></option>
    280. 

  280. <option value="thumb" <?php echo $User->getImageview() == 'thumb' ? ' selected="selected"' : NULL ?>><?php echo $lang->g('LabelViewModeThumbnail')?></option>
    281. 

  281. 

  282. </select>
    283. 

  283. </div>
    284. 

  284. 

  285. <div class="FormRow">
    286. 

  286. <label><?php echo $lang->g('LabelGender')?>: </label>
    287. 

  287. <input type="radio" id="radFemale" name="radGender" value="<?php echo GENDER_FEMALE?>"<?php echo $User->getGender() == GENDER_FEMALE ? ' checked="checked"' : NULL?><?php echo HTMLstuff::DisabledStr($DisableControls)?> /> 
    288. 

  288. <label for="radFemale" class="Radio"><?php echo $lang->g('LabelFemale')?></label>
    289. 

  289. <input type="radio" id="radMale" name="radGender" value="<?php echo GENDER_MALE?>"<?php echo $User->getGender() == GENDER_MALE ? ' checked="checked"' : NULL?><?php echo HTMLstuff::DisabledStr($DisableControls)?> /> 
    290. 

  290. <label for="radMale" class="Radio"><?php echo $lang->g('LabelMale')?></label>
    291. 

  291. </div>
    292. 

  292. 

  293. <div class="FormRow">
    294. 

  294. <label for="txtFirstName"><?php echo $lang->g('LabelFirstname')?>: <em>*</em></label>
    295. 

  295. <input type="text" id="txtFirstName" name="txtFirstName" maxlength="100" value="<?php echo $User->getFirstName()?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    296. 

  296. </div>
    297. 

  297. 

  298. <div class="FormRow">
    299. 

  299. <label for="txtInsertion"><?php echo $lang->g('LabelInsertion')?>:</label>
    300. 

  300. <input type="text" id="txtInsertion" name="txtInsertion" maxlength="20" value="<?php echo $User->getInsertion()?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    301. 

  301. </div>
    302. 

  302. 

  303. <div class="FormRow">
    304. 

  304. <label for="txtLastName"><?php echo $lang->g('LabelLastname')?>: <em>*</em></label>
    305. 

  305. <input type="text" id="txtLastName" name="txtLastName" maxlength="100" value="<?php echo $User->getLastName()?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    306. 

  306. </div>
    307. 

  307. 

  308. <div class="FormRow">
    309. 

  309. <label for="txtEmailAddress"><?php echo $lang->g('LabelEmailAddress')?>: <em>*</em></label>
    310. 

  310. <input type="text" id="txtEmailAddress" name="txtEmailAddress" maxlength="255" value="<?php echo $User->getEmailAddress()?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    311. 

  311. </div>
    312. 

  312. 

  313. <div class="FormRow">
    314. 

  314. <label for="txtBirthDate"><?php echo $lang->g('LabelBirthdate')?>:</label>
    315. 

  315. <input type="text" id="txtBirthDate" name="txtBirthDate" class="DatePicker"	maxlength="10" value="<?php echo $User->getBirthDate() > 0 ? date('Y-m-d', $User->getBirthDate()) : NULL?>"<?php echo HTMLstuff::DisabledStr($DisableControls)?> />
    316. 

  316. </div>
    317. 

  317. 

  318. <div class="FormRow">
    319. 

  319. <label><?php echo $lang->g('LabelUserRights')?>:</label><br />
    320. 

  320. <label for="chkToggleRights"><input type="checkbox" id="chkToggleRights" name="chkToggleRights"<?php echo HTMLstuff::DisabledStr($DisableControls)?> onclick="ToggleBoxes();"/>&nbsp;<?php echo $lang->g('ButtonToggle')?></label>
    321. 

  321. 	<div class="CheckBoxMadness">
    322. 

  322. 	<ul><?php echo $RightsCheckboxes?></ul>
    323. 

  323. 	</div>
    324. 

  324. </div>
    325. 

  325. 

  326. <div class="FormRow Clear">
    327. 

  327. <label>&nbsp;</label>
    328. 

  328. <input type="submit" id="submitform" class="FormButton" value="<?php echo $DeleteUser ? $lang->g('ButtonDelete') : $lang->g('ButtonSave')?>" <?php echo HTMLstuff::DisabledStr($DisableDefaultButton) ?> />
    329. 

  329. <input type="button" class="FormButton" value="<?php echo $lang->g('ButtonCancel')?>" onclick="window.location='user.php';" />
    330. 

  330. </div>
    331. 

  331. 

  332. <div class="Separator"></div>
    333. 

  333. 

  334. <?php echo HTMLstuff::Button('index.php')?>
    335. 

  335. </fieldset>
    336. 

  336. </form>
    337. 

  337. 

  338. <?php
    339. 

  339. echo HTMLstuff::HtmlFooter($CurrentUser);
    340. 

  340. ?>
    341.