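has_access(100)) {
    access_denied();
}
// NOTE(review): the guard above starts before this excerpt, so only its tail
// is visible. Everything below assumes access_denied() ends the request -
// confirm; if it only prints a message, the admin actions still run.

/*
 * Admin user management: dispatches on the requested action to list, add,
 * edit, update or delete user accounts, and renders the admin menus around
 * the result.
 *
 * NOTE(review): every state-changing action is taken from $_REQUEST and the
 * visible code checks no anti-CSRF token, so these cases can be triggered by
 * any request carrying an admin's session. Confirm whether a helper enforces
 * a token; if not, require POST plus a per-session token for update_user,
 * add_user, confirm_delete, update and disabled.
 */
$action = scrub_in($_REQUEST['action']);

show_template('header');
show_menu_items('Admin');
show_admin_menu('Users');
show_clear();

// The account being administered; loaded once and reused by the cases below.
$user_id = scrub_in($_REQUEST['user']);
$temp_user = new User($user_id);

switch ($action) {
    case 'edit':
        if (conf('demo_mode')) {
            break;
        }
        show_user_form(
            $temp_user->id,
            $temp_user->username,
            $temp_user->fullname,
            $temp_user->email,
            $temp_user->access,
            'edit_user',
            ''
        );
        break;

    case 'update_user':
        if (conf('demo_mode')) {
            break;
        }

        /* Clean up the variables */
        $username = scrub_in($_REQUEST['new_username']);
        $fullname = scrub_in($_REQUEST['new_fullname']);
        $email = scrub_in($_REQUEST['new_email']);
        $access = scrub_in($_REQUEST['user_access']);
        $pass1 = scrub_in($_REQUEST['new_password_1']);
        $pass2 = scrub_in($_REQUEST['new_password_2']);

        /* Setup the temp user */
        // NOTE(review): this loads the account by the submitted *new* username,
        // not by $user_id. If the username is being changed, this presumably
        // does not resolve to the account under edit - confirm against User.
        $thisuser = new User($username);

        /* Verify Input */
        if (empty($username)) {
            $GLOBALS['error']->add_error('username', _("Error Username Required"));
        }
        if ($pass1 !== $pass2 AND !empty($pass1)) {
            $GLOBALS['error']->add_error('password', _("Error Passwords don't match"));
        }

        /* If we've got an error then redisplay the form and stop */
        if ($GLOBALS['error']->error_state) {
            show_user_form(
                $temp_user->id,
                $thisuser->username,
                $thisuser->fullname,
                $thisuser->email,
                $thisuser->access,
                'edit_user',
                ''
            );
            break;
        }

        // Only write the fields that actually changed.
        // NOTE(review): $access is not checked against a list of valid access
        // levels here - confirm update_access() rejects unknown values.
        if ($access != $thisuser->access) {
            $thisuser->update_access($access);
        }
        if ($email != $thisuser->email) {
            $thisuser->update_email($email);
        }
        if ($username != $thisuser->username) {
            $thisuser->update_username($username);
        }
        // Compare against the account being edited, like the checks above,
        // rather than against the logged-in admin held in $user.
        if ($fullname != $thisuser->fullname) {
            $thisuser->update_fullname($fullname);
        }
        // Strict comparison: with ==, two different numeric-looking strings
        // (e.g. "0" and "00") compare equal and the unconfirmed first value
        // would be stored as the password.
        if ($pass1 === $pass2 && strlen($pass1)) {
            $thisuser->update_password($pass1);
        }

        show_confirmation("User Updated", $thisuser->username . 
"'s information has been updated", "admin/users.php");
        break;

    case 'add_user':
        if (conf('demo_mode')) {
            break;
        }

        $username = scrub_in($_REQUEST['new_username']);
        $fullname = scrub_in($_REQUEST['new_fullname']);
        $email = scrub_in($_REQUEST['new_email']);
        $access = scrub_in($_REQUEST['user_access']);
        $pass1 = scrub_in($_REQUEST['new_password_1']);
        $pass2 = scrub_in($_REQUEST['new_password_2']);

        if (($pass1 !== $pass2)) {
            $GLOBALS['error']->add_error('password', _("Error Passwords don't match"));
        }
        if (empty($username)) {
            $GLOBALS['error']->add_error('username', _("Error Username Required"));
        }

        // Create the account only after validation has passed, so a request
        // with mismatched passwords or no username never reaches the insert.
        if (!$GLOBALS['error']->error_state
            && !$user->create($username, $fullname, $email, $pass1, $access)) {
            $GLOBALS['error']->add_error('general', "Error: Insert Failed");
        }

        /* If we end up with an error */
        if ($GLOBALS['error']->error_state) {
            // Pass the submitted values back to the form. Single-quoted
            // '$username' etc. would hand over the literal variable names.
            show_user_form('', $username, $fullname, $email, $access, 'new_user', '');
            break;
        }

        show_confirmation(
            "New User Added",
            $username . " has been created with an access level of " . $access,
            "admin/users.php"
        );
        break;

    case 'delete':
        if (conf('demo_mode')) {
            break;
        }
        // NOTE(review): fullname and username are placed into the prompt text
        // and the query string as-is. Confirm show_confirm_action() escapes
        // for HTML and URL context; otherwise escape/encode them here.
        show_confirm_action(_("Are you sure you want to permanently delete") . 
" $temp_user->fullname ($temp_user->username) ?", "admin/users.php", "action=confirm_delete&user=$temp_user->username");
        break;

    case 'confirm_delete':
        if (conf('demo_mode')) {
            break;
        }
        // Anything other than the translated "No" is treated as consent.
        if ($_REQUEST['confirm'] == _("No")) {
            show_manage_users();
            break;
        }
        if ($temp_user->delete()) {
            show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted", "admin/users.php");
        } else {
            show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"), "admin/users.php");
        }
        break;

    case 'show_add_user':
        if (conf('demo_mode')) {
            break;
        }
        show_user_form('', '', '', '', '', 'new_user', '');
        break;

    case 'update':
    case 'disabled':
        if (conf('demo_mode')) {
            break;
        }
        $level = scrub_in($_REQUEST['level']);
        // Load the target through the scrubbed id, as every other case does,
        // instead of handing the raw request value to User.
        $thisuser = new User($user_id);
        // The access level is changed only when the session marks the caller
        // as admin.
        // NOTE(review): $level is not checked against a list of valid levels.
        if ($_SESSION['userdata']['access'] == 'admin') {
            $thisuser->update_access($level);
        }
        show_manage_users();
        break;

    default:
        show_manage_users();
}

// Emits two newlines ahead of the footer menus.
echo "

";
show_admin_menu('Users');
show_menu_items('Admin');
?>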