path: root/admin/users.php

<?php
/*

 Copyright (c) 2001 - 2006 Ampache.org
 All rights reserved.

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

*/

require_once ('../lib/init.php');

if (!$GLOBALS['user']->has_access(100)) { 
	access_denied();
	exit();
}


$action = scrub_in($_REQUEST['action']);


show_template('header');

$user_id = scrub_in($_REQUEST['user']);
$temp_user = new User($user_id);
 
switch ($action) {
	case 'edit':
        	if (conf('demo_mode')) { break; }
		$username	= $temp_user->username;
		$fullname	= $temp_user->fullname;
		$email		= $temp_user->email;
		$access		= $temp_user->access;
		$id		= $temp_user->id;
		require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
	break;
	case 'update_user':
	        if (conf('demo_mode')) { break; }

		/* Clean up the variables */
		$username = scrub_in($_REQUEST['new_username']);
		$fullname = scrub_in($_REQUEST['new_fullname']);
		$email = scrub_in($_REQUEST['new_email']);
		$access = scrub_in($_REQUEST['user_access']);
		$pass1 = scrub_in($_REQUEST['new_password_1']);
		$pass2 = scrub_in($_REQUEST['new_password_2']);
	
		/* Setup the temp user */	
	    	$thisuser = new User($username);
	
		/* Verify Input */
		if (empty($username)) { 
			$GLOBALS['error']->add_error('username',_("Error Username Required"));
		}
		if ($pass1 !== $pass2 AND !empty($pass1)) { 
			$GLOBALS['error']->add_error('password',_("Error Passwords don't match"));
		}

		/* If we've got an error then break! */
		if ($GLOBALS['error']->error_state) { 
			$username = $thisuser->username;
			$fullname = $thisuser->fullname;
			$email	  = $thisuser->email;
			$access   = $thisuser->access;
			$type = 'edit_user';
			require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
			break;
		} // if we've had an oops!

		if ($access != $thisuser->access) { 
			$thisuser->update_access($access);
		}
		if ($email != $thisuser->email) { 
			$thisuser->update_email($email);
		}
		if ($username != $thisuser->username) { 
			$thisuser->update_username($username);
		} 
		if ($fullname != $user->fullname) {
			$thisuser->update_fullname($fullname);
		}
		if ($pass1 == $pass2 && strlen($pass1)) { 
			$thisuser->update_password($pass1);
		} 
		show_confirmation("User Updated", $thisuser->username . "'s information has been updated","admin/users.php");
	break;
	case 'add_user':
        	if (conf('demo_mode')) { break; }
		$username = scrub_in($_REQUEST['new_username']);
		$fullname = scrub_in($_REQUEST['new_fullname']);
		$email = scrub_in($_REQUEST['new_email']);
		$access = scrub_in($_REQUEST['user_access']);
		$pass1 = scrub_in($_REQUEST['new_password_1']);
		$pass2 = scrub_in($_REQUEST['new_password_2']);
		if (($pass1 !== $pass2)) { 
			$GLOBALS['error']->add_error('password',_("Error Passwords don't match"));
		}

		if (empty($username)) { 
			$GLOBALS['error']->add_error('username',_("Error Username Required"));
		}
		if (is_numeric($username)) { 
			$GLOBALS['error']->add_error('username',"Error: Due to the incompetance of the programmer numeric usernames would cause the whole of existance to cease. Please add a letter or something"); 
		}

		/* make sure the username doesn't already exist */
		if (!check_username($username)) { 
			$GLOBALS['error']->add_error('username',_("Error Username already exists"));
		} 

		if (!$GLOBALS['error']->error_state) { 

			/* Attempt to create the user */
			if (!$user->create($username, $fullname, $email, $pass1, $access)) {
				$GLOBALS['error']->add_error('general',"Error: Insert Failed");
			}
			
		} // if no errors
		
		/* If we end up with an error */
		if ($GLOBALS['error']->error_state) { 
			$type = 'new_user';
			require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
			break;
		}	
		show_confirmation("New User Added",$username . " has been created with an access level of " . $access,"admin/users.php");	
	break;
	case 'delete':
        	if (conf('demo_mode')) { break; }
		show_confirmation(_('Deletion Request'),
			_("Are you sure you want to permanently delete") . " $temp_user->fullname ($temp_user->username) ?",
			"admin/users.php?action=confirm_delete&amp;user=$temp_user->id");
	break;
	case 'confirm_delete':
	        if (conf('demo_mode')) { break; }
	    	if ($_REQUEST['confirm'] == _("No")) { show_manage_users(); break; }
		if ($temp_user->delete()) { 
			show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted","admin/users.php");
		}
		else { 
			show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"),"admin/users.php");
		}
	break;
	/* Show IP History for the Specified User */
	case 'show_ip_history':
		/* get the user and their history */
		$temp_user	= new User($_REQUEST['user_id']); 
		if (!isset ($_REQUEST['all'])){
		$history	= $temp_user->get_ip_history('',1);
		} else {
		$history	= $temp_user->get_ip_history('','');
		}
		require (conf('prefix') . '/templates/show_ip_history.inc.php');
	break;
	case 'show_add_user':
	        if (conf('demo_mode')) { break; }
		$type = 'new_user';
		require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
	break;
	case 'update':
	case 'disabled':
	        if (conf('demo_mode')) { break; }
		$level = scrub_in($_REQUEST['level']);
		$thisuser = new User($_REQUEST['user']);
		if ($GLOBALS['user']->has_access(100)) { 
			$thisuser->update_access($level);
		} 
		show_manage_users();
	break;
	default:
		show_manage_users();
	break;
}

/* Show the footer */
show_footer();

?>