2011-06-03 06:40:29 +02:00
< ? php
2014-09-24 15:36:26 +02:00
2013-11-25 21:04:58 +01:00
function admin_user_title () {
return _ ( " All Angels " );
}
2011-06-03 06:40:29 +02:00
function admin_user () {
2012-12-01 11:49:16 +01:00
global $user , $privileges , $tshirt_sizes , $privileges ;
2013-12-28 03:02:51 +01:00
2014-09-24 15:36:26 +02:00
$html = '' ;
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
if ( ! isset ( $_REQUEST [ 'id' ]))
redirect ( users_link ());
$id = $_REQUEST [ 'id' ];
if ( ! isset ( $_REQUEST [ 'action' ])) {
$user_source = User ( $id );
if ( $user_source === false )
engelsystem_error ( 'Unable to load user.' );
if ( $user_source == null ) {
error ( _ ( 'This user does not exist.' ));
redirect ( users_link ());
}
$html .= " Hallo,<br /> " . " hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . " wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . " dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . " Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . " bereits sein T-Shirt erhalten hat.<br /><br /> \n " ;
$html .= " <form action= \" " . page_link_to ( " admin_user " ) . " &action=save&id= $id\ " method = \ " post \" > \n " ;
$html .= " <table border= \" 0 \" > \n " ;
$html .= " <input type= \" hidden \" name= \" Type \" value= \" Normal \" > \n " ;
$SQL = " SELECT * FROM `User` WHERE `UID`=' " . sql_escape ( $id ) . " ' " ;
list ( $user_source ) = sql_select ( $SQL );
$html .= " <tr><td> \n " ;
$html .= " <table> \n " ;
$html .= " <tr><td>Nick</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eNick \" value= \" " . $user_source [ 'Nick' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>lastLogIn</td><td> " . date ( " Y-m-d H:i " , $user_source [ 'lastLogIn' ]) . " </td></tr> \n " ;
$html .= " <tr><td>Name</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eName \" value= \" " . $user_source [ 'Name' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Vorname</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eVorname \" value= \" " . $user_source [ 'Vorname' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Alter</td><td> " . " <input type= \" text \" size= \" 5 \" name= \" eAlter \" value= \" " . $user_source [ 'Alter' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Telefon</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eTelefon \" value= \" " . $user_source [ 'Telefon' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Handy</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eHandy \" value= \" " . $user_source [ 'Handy' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>DECT</td><td> " . " <input type= \" text \" size= \" 4 \" name= \" eDECT \" value= \" " . $user_source [ 'DECT' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>email</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eemail \" value= \" " . $user_source [ 'email' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td> " . form_checkbox ( 'email_shiftinfo' , _ ( " Please send me an email if my shifts change " ), $user_source [ 'email_shiftinfo' ]) . " </td></tr> \n " ;
$html .= " <tr><td>jabber</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" ejabber \" value= \" " . $user_source [ 'jabber' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Size</td><td> " . html_select_key ( 'size' , 'eSize' , $tshirt_sizes , $user_source [ 'Size' ]) . " </td></tr> \n " ;
$options = array (
'1' => " Yes " ,
'0' => " No "
);
// Gekommen?
$html .= " <tr><td>Gekommen</td><td> \n " ;
$html .= html_options ( 'eGekommen' , $options , $user_source [ 'Gekommen' ]) . " </td></tr> \n " ;
// Aktiv?
$html .= " <tr><td>Aktiv</td><td> \n " ;
$html .= html_options ( 'eAktiv' , $options , $user_source [ 'Aktiv' ]) . " </td></tr> \n " ;
// Aktiv erzwingen
if ( in_array ( 'admin_active' , $privileges )) {
$html .= " <tr><td> " . _ ( " Force active " ) . " </td><td> \n " ;
$html .= html_options ( 'force_active' , $options , $user_source [ 'force_active' ]) . " </td></tr> \n " ;
}
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td> \n " ;
$html .= html_options ( 'eTshirt' , $options , $user_source [ 'Tshirt' ]) . " </td></tr> \n " ;
$html .= " <tr><td>Hometown</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" Hometown \" value= \" " . $user_source [ 'Hometown' ] . " \" ></td></tr> \n " ;
2015-07-12 13:51:39 +02:00
$html .= " </table> \n </td><td valign= \" top \" ></td></tr> " ;
2014-12-27 21:55:24 +01:00
$html .= " </td></tr> \n " ;
$html .= " </table> \n <br /> \n " ;
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
$html .= " </form> " ;
$html .= " <hr /> " ;
$html .= form_info ( '' , _ ( 'Please visit the angeltypes page or the users profile to manage users angeltypes.' ));
$html .= " Hier kannst Du das Passwort dieses Engels neu setzen:<form action= \" " . page_link_to ( " admin_user " ) . " &action=change_pw&id= $id\ " method = \ " post \" > \n " ;
$html .= " <table> \n " ;
$html .= " <tr><td>Passwort</td><td> " . " <input type= \" password \" size= \" 40 \" name= \" new_pw \" value= \" \" ></td></tr> \n " ;
$html .= " <tr><td>Wiederholung</td><td> " . " <input type= \" password \" size= \" 40 \" name= \" new_pw2 \" value= \" \" ></td></tr> \n " ;
$html .= " </table> " ;
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
$html .= " </form> " ;
$html .= " <hr /> " ;
2014-12-28 13:44:56 +01:00
$my_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user [ 'UID' ]) . " ' ORDER BY `uid` LIMIT 1 " );
2014-12-27 21:55:24 +01:00
if ( count ( $my_highest_group ) > 0 )
$my_highest_group = $my_highest_group [ 0 ][ 'group_id' ];
2014-12-28 13:44:56 +01:00
$his_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $id ) . " ' ORDER BY `uid` LIMIT 1 " );
2014-12-27 21:55:24 +01:00
if ( count ( $his_highest_group ) > 0 )
$his_highest_group = $his_highest_group [ 0 ][ 'group_id' ];
if ( $id != $user [ 'UID' ] && $my_highest_group <= $his_highest_group ) {
2012-12-01 11:49:16 +01:00
$html .= " Hier kannst Du die Benutzergruppen des Engels festlegen:<form action= \" " . page_link_to ( " admin_user " ) . " &action=save_groups&id= " . $id . " \" method= \" post \" > \n " ;
$html .= '<table>' ;
2013-12-28 03:02:51 +01:00
2014-12-28 13:44:56 +01:00
$groups = sql_select ( " SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = ' " . sql_escape ( $id ) . " ') WHERE `Groups`.`UID` >= ' " . sql_escape ( $my_highest_group ) . " ' ORDER BY `Groups`.`Name` " );
2014-12-27 21:55:24 +01:00
foreach ( $groups as $group )
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group [ 'UID' ] . '"' . ( $group [ 'group_id' ] != " " ? ' checked="checked"' : '' ) . ' /></td><td>' . $group [ 'Name' ] . '</td></tr>' ;
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
$html .= '</table>' ;
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
2012-12-01 11:49:16 +01:00
$html .= " </form> " ;
2013-12-28 03:02:51 +01:00
2012-12-01 11:49:16 +01:00
$html .= " <hr /> " ;
2014-12-27 21:55:24 +01:00
}
$html .= " <form action= \" " . page_link_to ( " admin_user " ) . " &action=delete&id= " . $id . " \" method= \" post \" > \n " ;
$html .= " <input type= \" submit \" value= \" Löschen \" > \n " ;
$html .= " </form> " ;
$html .= " <hr /> " ;
} else {
switch ( $_REQUEST [ 'action' ]) {
case 'save_groups' :
if ( $id != $user [ 'UID' ]) {
2014-12-28 13:44:56 +01:00
$my_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user [ 'UID' ]) . " ' ORDER BY `group_id` " );
$his_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $id ) . " ' ORDER BY `group_id` " );
2014-12-27 21:55:24 +01:00
if ( count ( $my_highest_group ) > 0 && ( count ( $his_highest_group ) == 0 || ( $my_highest_group [ 0 ][ 'group_id' ] <= $his_highest_group [ 0 ][ 'group_id' ]))) {
2014-12-28 13:44:56 +01:00
$groups_source = sql_select ( " SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = ' " . sql_escape ( $id ) . " ') WHERE `Groups`.`UID` >= ' " . sql_escape ( $my_highest_group [ 0 ][ 'group_id' ]) . " ' ORDER BY `Groups`.`Name` " );
2014-12-27 21:55:24 +01:00
$groups = array ();
$grouplist = array ();
foreach ( $groups_source as $group ) {
$groups [ $group [ 'UID' ]] = $group ;
$grouplist [] = $group [ 'UID' ];
}
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
if ( ! is_array ( $_REQUEST [ 'groups' ]))
$_REQUEST [ 'groups' ] = array ();
2014-12-28 13:44:56 +01:00
sql_query ( " DELETE FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $id ) . " ' " );
2014-12-27 21:55:24 +01:00
$user_groups_info = array ();
foreach ( $_REQUEST [ 'groups' ] as $group ) {
if ( in_array ( $group , $grouplist )) {
2014-12-28 13:44:56 +01:00
sql_query ( " INSERT INTO `UserGroups` SET `uid`=' " . sql_escape ( $id ) . " ', `group_id`=' " . sql_escape ( $group ) . " ' " );
2014-12-27 21:55:24 +01:00
$user_groups_info [] = $groups [ $group ][ 'Name' ];
2012-12-26 19:53:27 +01:00
}
2012-12-01 11:49:16 +01:00
}
2014-12-27 21:55:24 +01:00
$user_source = User ( $id );
engelsystem_log ( " Set groups of " . User_Nick_render ( $user_source ) . " to: " . join ( " , " , $user_groups_info ));
$html .= success ( " Benutzergruppen gespeichert. " , true );
2012-12-01 11:49:16 +01:00
} else {
2014-12-27 21:55:24 +01:00
$html .= error ( " Du kannst keine Engel mit mehr Rechten bearbeiten. " , true );
2012-12-01 11:49:16 +01:00
}
2014-12-27 21:55:24 +01:00
} else {
$html .= error ( " Du kannst Deine eigenen Rechte nicht bearbeiten. " , true );
}
break ;
case 'delete' :
if ( $user [ 'UID' ] != $id ) {
$user_source = sql_select ( " SELECT `Nick`, `UID` FROM `User` WHERE `UID` = ' " . sql_escape ( $id ) . " ' LIMIT 1 " );
2014-12-28 13:44:56 +01:00
sql_query ( " DELETE FROM `User` WHERE `UID`=' " . sql_escape ( $id ) . " ' LIMIT 1 " );
sql_query ( " DELETE FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $id ) . " ' " );
2014-12-27 21:55:24 +01:00
engelsystem_log ( " Deleted user " . User_Nick_render ( $user_source ));
$html .= success ( " Benutzer gelöscht! " , true );
} else {
$html .= error ( " Du kannst Dich nicht selber löschen! " , true );
}
break ;
case 'save' :
$force_active = $user [ 'force_active' ];
if ( in_array ( 'admin_active' , $privileges ))
$force_active = $_REQUEST [ 'force_active' ];
$SQL = " UPDATE `User` SET
2013-12-28 03:13:48 +01:00
`Nick` = '" . sql_escape($_POST["eNick"]) . "' ,
`Name` = '" . sql_escape($_POST["eName"]) . "' ,
`Vorname` = '" . sql_escape($_POST["eVorname"]) . "' ,
`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "' ,
`Handy` = '" . sql_escape($_POST["eHandy"]) . "' ,
`Alter` = '" . sql_escape($_POST["eAlter"]) . "' ,
`DECT` = '" . sql_escape($_POST["eDECT"]) . "' ,
`email` = '" . sql_escape($_POST["eemail"]) . "' ,
2014-12-28 13:44:56 +01:00
`email_shiftinfo` = " . sql_bool(isset( $_REQUEST['email_shiftinfo'] )) . " ,
2013-12-28 03:13:48 +01:00
`jabber` = '" . sql_escape($_POST["ejabber"]) . "' ,
`Size` = '" . sql_escape($_POST["eSize"]) . "' ,
`Gekommen` = '" . sql_escape($_POST["eGekommen"]) . "' ,
`Aktiv` = '" . sql_escape($_POST["eAktiv"]) . "' ,
`force_active` = " . sql_escape( $force_active ) . " ,
`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "' ,
`Hometown` = '" . sql_escape($_POST["Hometown"]) . "'
WHERE `UID` = '" . sql_escape($id) . "'
2014-12-28 13:44:56 +01:00
LIMIT 1 " ;
2014-12-27 21:55:24 +01:00
sql_query ( $SQL );
engelsystem_log ( " Updated user: " . $_POST [ " eNick " ] . " , " . $_POST [ " eSize " ] . " , arrived: " . $_POST [ " eGekommen " ] . " , active: " . $_POST [ " eAktiv " ] . " , tshirt: " . $_POST [ " eTshirt " ]);
$html .= success ( " Änderung wurde gespeichert... \n " , true );
break ;
case 'change_pw' :
if ( $_REQUEST [ 'new_pw' ] != " " && $_REQUEST [ 'new_pw' ] == $_REQUEST [ 'new_pw2' ]) {
set_password ( $id , $_REQUEST [ 'new_pw' ]);
$user_source = User ( $id );
engelsystem_log ( " Set new password for " . User_Nick_render ( $user_source ));
$html .= success ( " Passwort neu gesetzt. " , true );
} else {
$html .= error ( " Die Eingaben müssen übereinstimmen und dürfen nicht leer sein! " , true );
}
break ;
2012-12-01 11:49:16 +01:00
}
}
2014-09-28 14:50:08 +02:00
return page_with_title ( _ ( 'Edit user' ), array (
$html
2014-09-24 15:36:26 +02:00
));
2011-06-03 06:40:29 +02:00
}
2011-09-14 23:11:15 +02:00
?>