PageRenderTime 62ms CodeModel.GetById 34ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/administrators.php

https://github.com/validoc/Pikmas
PHP | 199 lines | 161 code | 28 blank | 10 comment | 32 complexity | cac6a7d4123bd1818662478defbba45c MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.   $Id: administrators.php 1739 2007-12-20 00:52:16Z hpdl $
    4. 

    5. 

  5.   osCommerce, Open Source E-Commerce Solutions
    6. 

  6.   http://www.oscommerce.com
    7. 

    8. 

  8.   Copyright (c) 2007 osCommerce
    9. 

    10. 

  10.   Released under the GNU General Public License
    11. 

  11. */
    12. 

  12. 

  13.   require('includes/application_top.php');
    14. 

  14. 

  15.   $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');
    16. 

  16. 

  17.   if (tep_not_null($action)) {
    18. 

  18.     switch ($action) {
    19. 

  19.       case 'insert':
    20. 

  20.         require('includes/functions/password_funcs.php');
    21. 

  21. 

  22.         $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
    23. 

  23.         $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    24. 

  24. 

  25.         $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "' limit 1");
    26. 

  26. 

  27.         if (tep_db_num_rows($check_query) < 1) {
    28. 

  28.           tep_db_query("insert into " . TABLE_ADMINISTRATORS . " (user_name, user_password) values ('" . tep_db_input($username) . "', '" . tep_db_input(tep_encrypt_password($password)) . "')");
    29. 

  29.         } else {
    30. 

  30.           $messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error');
    31. 

  31.         }
    32. 

  32. 

  33.         tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
    34. 

  34.         break;
    35. 

  35.       case 'save':
    36. 

  36.         require('includes/functions/password_funcs.php');
    37. 

  37. 

  38.         $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
    39. 

  39.         $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    40. 

  40. 

  41.         $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
    42. 

  42.         $check = tep_db_fetch_array($check_query);
    43. 

  43. 

  44.         if ($admin['id'] == $check['id']) {
    45. 

  45.           $admin['username'] = $username;
    46. 

  46.         }
    47. 

  47. 

  48.         tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_name = '" . tep_db_input($username) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");
    49. 

  49. 

  50.         if (tep_not_null($password)) {
    51. 

  51.           tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where id = '" . (int)$HTTP_GET_VARS['aID'] . "'");
    52. 

  52.         }
    53. 

  53. 

  54.         tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int)$HTTP_GET_VARS['aID']));
    55. 

  55.         break;
    56. 

  56.       case 'deleteconfirm':
    57. 

  57.         $id = tep_db_prepare_input($HTTP_GET_VARS['aID']);
    58. 

  58. 

  59.         $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($admin['username']) . "'");
    60. 

  60.         $check = tep_db_fetch_array($check_query);
    61. 

  61. 

  62.         if ($id == $check['id']) {
    63. 

  63.           tep_session_unregister('admin');
    64. 

  64.         }
    65. 

  65. 

  66.         tep_db_query("delete from " . TABLE_ADMINISTRATORS . " where id = '" . (int)$id . "'");
    67. 

  67. 

  68.         tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
    69. 

  69.         break;
    70. 

  70.     }
    71. 

  71.   }
    72. 

  72. ?>
    73. 

  73. <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
    74. 

  74. <html <?php echo HTML_PARAMS; ?>>
    75. 

  75. <head>
    76. 

  76. <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
    77. 

  77. <title><?php echo TITLE; ?></title>
    78. 

  78. <link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
    79. 

  79. <script language="javascript" src="includes/general.js"></script>
    80. 

  80. </head>
    81. 

  81. <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
    82. 

  82. <!-- header //-->
    83. 

  83. <?php require(DIR_WS_INCLUDES . 'header.php'); ?>
    84. 

  84. <!-- header_eof //-->
    85. 

  85. 

  86. <!-- body //-->
    87. 

  87. <table border="0" width="100%" cellspacing="2" cellpadding="2">
    88. 

  88.   <tr>
    89. 

  89.     <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
    90. 

  90. <!-- left_navigation //-->
    91. 

  91. <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
    92. 

  92. <!-- left_navigation_eof //-->
    93. 

  93.     </table></td>
    94. 

  94. <!-- body_text //-->
    95. 

  95.     <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
    96. 

  96.       <tr>
    97. 

  97.         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
    98. 

  98.           <tr>
    99. 

  99.             <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
    100. 

  100.             <td class="pageHeading" align="right"><?php echo tep_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
    101. 

  101.           </tr>
    102. 

  102.         </table></td>
    103. 

  103.       </tr>
    104. 

  104.       <tr>
    105. 

  105.         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
    106. 

  106.           <tr>
    107. 

  107.             <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
    108. 

  108.               <tr class="dataTableHeadingRow">
    109. 

  109.                 <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_ADMINISTRATORS; ?></td>
    110. 

  110.                 <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?>&nbsp;</td>
    111. 

  111.               </tr>
    112. 

  112. <?php
    113. 

  113.   $admins_query = tep_db_query("select id, user_name from " . TABLE_ADMINISTRATORS . " order by user_name");
    114. 

  114.   while ($admins = tep_db_fetch_array($admins_query)) {
    115. 

  115.     if ((!isset($HTTP_GET_VARS['aID']) || (isset($HTTP_GET_VARS['aID']) && ($HTTP_GET_VARS['aID'] == $admins['id']))) && !isset($aInfo) && (substr($action, 0, 3) != 'new')) {
    116. 

  116.       $aInfo = new objectInfo($admins);
    117. 

  117.     }
    118. 

  118. 

  119.     if ( (isset($aInfo) && is_object($aInfo)) && ($admins['id'] == $aInfo->id) ) {
    120. 

  120.       echo '                  <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=edit') . '\'">' . "\n";
    121. 

  121.     } else {
    122. 

  122.       echo '                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $admins['id']) . '\'">' . "\n";
    123. 

  123.     }
    124. 

  124. ?>
    125. 

  125.                 <td class="dataTableContent"><?php echo $admins['user_name']; ?></td>
    126. 

  126.                 <td class="dataTableContent" align="right"><?php if ( (isset($aInfo) && is_object($aInfo)) && ($admins['id'] == $aInfo->id) ) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '<a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $admins['id']) . '">' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; } ?>&nbsp;</td>
    127. 

  127.               </tr>
    128. 

  128. <?php
    129. 

  129.   }
    130. 

  130. ?>
    131. 

  131.               <tr>
    132. 

  132.                 <td colspan="2" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'action=new') . '">' . tep_image_button('button_insert.gif', IMAGE_INSERT) . '</a>'; ?></td>
    133. 

  133.               </tr>
    134. 

  134.             </table></td>
    135. 

  135. <?php
    136. 

  136.   $heading = array();
    137. 

  137.   $contents = array();
    138. 

  138. 

  139.   switch ($action) {
    140. 

  140.     case 'new':
    141. 

  141.       $heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_ADMINISTRATOR . '</b>');
    142. 

  142. 

  143.       $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS, 'action=insert'));
    144. 

  144.       $contents[] = array('text' => TEXT_INFO_INSERT_INTRO);
    145. 

  145.       $contents[] = array('text' => '<br>' . TEXT_INFO_USERNAME . '<br>' . tep_draw_input_field('username'));
    146. 

  146.       $contents[] = array('text' => '<br>' . TEXT_INFO_PASSWORD . '<br>' . tep_draw_password_field('password'));
    147. 

  147.       $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_save.gif', IMAGE_SAVE) . '&nbsp;<a href="' . tep_href_link(FILENAME_ADMINISTRATORS) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
    148. 

  148.       break;
    149. 

  149.     case 'edit':
    150. 

  150.       $heading[] = array('text' => '<b>' . $aInfo->user_name . '</b>');
    151. 

  151. 

  152.       $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=save'));
    153. 

  153.       $contents[] = array('text' => TEXT_INFO_EDIT_INTRO);
    154. 

  154.       $contents[] = array('text' => '<br>' . TEXT_INFO_USERNAME . '<br>' . tep_draw_input_field('username', $aInfo->user_name));
    155. 

  155.       $contents[] = array('text' => '<br>' . TEXT_INFO_NEW_PASSWORD . '<br>' . tep_draw_password_field('password'));
    156. 

  156.       $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_update.gif', IMAGE_UPDATE) . '&nbsp;<a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
    157. 

  157.       break;
    158. 

  158.     case 'delete':
    159. 

  159.       $heading[] = array('text' => '<b>' . $aInfo->user_name . '</b>');
    160. 

  160. 

  161.       $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=deleteconfirm'));
    162. 

  162.       $contents[] = array('text' => TEXT_INFO_DELETE_INTRO);
    163. 

  163.       $contents[] = array('text' => '<br><b>' . $aInfo->user_name . '</b>');
    164. 

  164.       $contents[] = array('align' => 'center', 'text' => '<br>' . tep_image_submit('button_delete.gif', IMAGE_UPDATE) . '&nbsp;<a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id) . '">' . tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
    165. 

  165.       break;
    166. 

  166.     default:
    167. 

  167.       if (isset($aInfo) && is_object($aInfo)) {
    168. 

  168.         $heading[] = array('text' => '<b>' . $aInfo->user_name . '</b>');
    169. 

  169. 

  170.         $contents[] = array('align' => 'center', 'text' => '<a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=edit') . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a> <a href="' . tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=delete') . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>');
    171. 

  171.       }
    172. 

  172.       break;
    173. 

  173.   }
    174. 

  174. 

  175.   if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) {
    176. 

  176.     echo '            <td width="25%" valign="top">' . "\n";
    177. 

  177. 

  178.     $box = new box;
    179. 

  179.     echo $box->infoBox($heading, $contents);
    180. 

  180. 

  181.     echo '            </td>' . "\n";
    182. 

  182.   }
    183. 

  183. ?>
    184. 

  184.           </tr>
    185. 

  185.         </table></td>
    186. 

  186.       </tr>
    187. 

  187.     </table></td>
    188. 

  188. <!-- body_text_eof //-->
    189. 

  189.   </tr>
    190. 

  190. </table>
    191. 

  191. <!-- body_eof //-->
    192. 

  192. 

  193. <!-- footer //-->
    194. 

  194. <?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
    195. 

  195. <!-- footer_eof //-->
    196. 

  196. <br>
    197. 

  197. </body>
    198. 

  198. </html>
    199. 

  199. <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
    200. 

  200.