2011-06-03 06:40:29 +02:00
< ? php
2014-09-24 15:36:26 +02:00
2013-11-25 21:04:58 +01:00
function admin_user_title () {
return _ ( " All Angels " );
}
2011-06-03 06:40:29 +02:00
function admin_user () {
2012-12-01 11:49:16 +01:00
global $user , $privileges , $tshirt_sizes , $privileges ;
2013-12-28 03:02:51 +01:00
2014-09-24 15:36:26 +02:00
$html = '' ;
2013-12-28 03:02:51 +01:00
2016-09-29 10:53:17 +02:00
if ( ! isset ( $_REQUEST [ 'id' ])) {
2014-12-27 21:55:24 +01:00
redirect ( users_link ());
2016-09-29 10:53:17 +02:00
}
2014-12-27 21:55:24 +01:00
2016-09-29 12:45:06 +02:00
$user_id = $_REQUEST [ 'id' ];
2014-12-27 21:55:24 +01:00
if ( ! isset ( $_REQUEST [ 'action' ])) {
2016-09-29 12:45:06 +02:00
$user_source = User ( $user_id );
2014-12-27 21:55:24 +01:00
if ( $user_source == null ) {
error ( _ ( 'This user does not exist.' ));
redirect ( users_link ());
}
$html .= " Hallo,<br /> " . " hier kannst du den Eintrag ändern. Unter dem Punkt 'Gekommen' " . " wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . " dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . " Wenn T-Shirt ein 'Ja' enthält, bedeutet dies, dass der Engel " . " bereits sein T-Shirt erhalten hat.<br /><br /> \n " ;
2016-09-29 12:45:06 +02:00
$html .= " <form action= \" " . page_link_to ( " admin_user " ) . " &action=save&id= $user_id\ " method = \ " post \" > \n " ;
2014-12-27 21:55:24 +01:00
$html .= " <table border= \" 0 \" > \n " ;
$html .= " <input type= \" hidden \" name= \" Type \" value= \" Normal \" > \n " ;
$html .= " <tr><td> \n " ;
$html .= " <table> \n " ;
$html .= " <tr><td>Nick</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eNick \" value= \" " . $user_source [ 'Nick' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>lastLogIn</td><td> " . date ( " Y-m-d H:i " , $user_source [ 'lastLogIn' ]) . " </td></tr> \n " ;
$html .= " <tr><td>Name</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eName \" value= \" " . $user_source [ 'Name' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Vorname</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eVorname \" value= \" " . $user_source [ 'Vorname' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Alter</td><td> " . " <input type= \" text \" size= \" 5 \" name= \" eAlter \" value= \" " . $user_source [ 'Alter' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Telefon</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eTelefon \" value= \" " . $user_source [ 'Telefon' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Handy</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eHandy \" value= \" " . $user_source [ 'Handy' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>DECT</td><td> " . " <input type= \" text \" size= \" 4 \" name= \" eDECT \" value= \" " . $user_source [ 'DECT' ] . " \" ></td></tr> \n " ;
2016-11-11 15:24:51 +01:00
if ( $user_source [ 'email_by_human_allowed' ]) {
$html .= " <tr><td>email</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" eemail \" value= \" " . $user_source [ 'email' ] . " \" ></td></tr> \n " ;
}
2014-12-27 21:55:24 +01:00
$html .= " <tr><td>jabber</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" ejabber \" value= \" " . $user_source [ 'jabber' ] . " \" ></td></tr> \n " ;
$html .= " <tr><td>Size</td><td> " . html_select_key ( 'size' , 'eSize' , $tshirt_sizes , $user_source [ 'Size' ]) . " </td></tr> \n " ;
2016-09-29 10:53:17 +02:00
$options = [
'1' => _ ( " Yes " ),
'0' => _ ( " No " )
];
2014-12-27 21:55:24 +01:00
// Gekommen?
$html .= " <tr><td>Gekommen</td><td> \n " ;
$html .= html_options ( 'eGekommen' , $options , $user_source [ 'Gekommen' ]) . " </td></tr> \n " ;
// Aktiv?
$html .= " <tr><td>Aktiv</td><td> \n " ;
$html .= html_options ( 'eAktiv' , $options , $user_source [ 'Aktiv' ]) . " </td></tr> \n " ;
// Aktiv erzwingen
if ( in_array ( 'admin_active' , $privileges )) {
$html .= " <tr><td> " . _ ( " Force active " ) . " </td><td> \n " ;
$html .= html_options ( 'force_active' , $options , $user_source [ 'force_active' ]) . " </td></tr> \n " ;
}
// T-Shirt bekommen?
$html .= " <tr><td>T-Shirt</td><td> \n " ;
$html .= html_options ( 'eTshirt' , $options , $user_source [ 'Tshirt' ]) . " </td></tr> \n " ;
$html .= " <tr><td>Hometown</td><td> " . " <input type= \" text \" size= \" 40 \" name= \" Hometown \" value= \" " . $user_source [ 'Hometown' ] . " \" ></td></tr> \n " ;
2015-07-12 13:51:39 +02:00
$html .= " </table> \n </td><td valign= \" top \" ></td></tr> " ;
2014-12-27 21:55:24 +01:00
$html .= " </td></tr> \n " ;
$html .= " </table> \n <br /> \n " ;
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
$html .= " </form> " ;
$html .= " <hr /> " ;
$html .= form_info ( '' , _ ( 'Please visit the angeltypes page or the users profile to manage users angeltypes.' ));
2016-09-29 12:45:06 +02:00
$html .= " Hier kannst Du das Passwort dieses Engels neu setzen:<form action= \" " . page_link_to ( " admin_user " ) . " &action=change_pw&id= $user_id\ " method = \ " post \" > \n " ;
2014-12-27 21:55:24 +01:00
$html .= " <table> \n " ;
$html .= " <tr><td>Passwort</td><td> " . " <input type= \" password \" size= \" 40 \" name= \" new_pw \" value= \" \" ></td></tr> \n " ;
$html .= " <tr><td>Wiederholung</td><td> " . " <input type= \" password \" size= \" 40 \" name= \" new_pw2 \" value= \" \" ></td></tr> \n " ;
$html .= " </table> " ;
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
$html .= " </form> " ;
$html .= " <hr /> " ;
2015-08-13 11:46:06 +02:00
$my_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user [ 'UID' ]) . " ' ORDER BY `group_id` LIMIT 1 " );
2016-09-29 10:53:17 +02:00
if ( count ( $my_highest_group ) > 0 ) {
2014-12-27 21:55:24 +01:00
$my_highest_group = $my_highest_group [ 0 ][ 'group_id' ];
2016-09-29 10:53:17 +02:00
}
2014-12-27 21:55:24 +01:00
2016-09-29 12:45:06 +02:00
$his_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user_id ) . " ' ORDER BY `group_id` LIMIT 1 " );
2016-09-29 10:53:17 +02:00
if ( count ( $his_highest_group ) > 0 ) {
2014-12-27 21:55:24 +01:00
$his_highest_group = $his_highest_group [ 0 ][ 'group_id' ];
2016-09-29 10:53:17 +02:00
}
2014-12-27 21:55:24 +01:00
2016-09-29 12:45:06 +02:00
if ( $user_id != $user [ 'UID' ] && $my_highest_group <= $his_highest_group ) {
$html .= " Hier kannst Du die Benutzergruppen des Engels festlegen:<form action= \" " . page_link_to ( " admin_user " ) . " &action=save_groups&id= " . $user_id . " \" method= \" post \" > \n " ;
2012-12-01 11:49:16 +01:00
$html .= '<table>' ;
2013-12-28 03:02:51 +01:00
2016-09-29 12:45:06 +02:00
$groups = sql_select ( " SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = ' " . sql_escape ( $user_id ) . " ') WHERE `Groups`.`UID` >= ' " . sql_escape ( $my_highest_group ) . " ' ORDER BY `Groups`.`Name` " );
2016-09-29 10:53:17 +02:00
foreach ( $groups as $group ) {
2014-12-27 21:55:24 +01:00
$html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group [ 'UID' ] . '"' . ( $group [ 'group_id' ] != " " ? ' checked="checked"' : '' ) . ' /></td><td>' . $group [ 'Name' ] . '</td></tr>' ;
2016-09-29 10:53:17 +02:00
}
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
$html .= '</table>' ;
2013-12-28 03:02:51 +01:00
2014-12-27 21:55:24 +01:00
$html .= " <input type= \" submit \" value= \" Speichern \" > \n " ;
2012-12-01 11:49:16 +01:00
$html .= " </form> " ;
2013-12-28 03:02:51 +01:00
2012-12-01 11:49:16 +01:00
$html .= " <hr /> " ;
2014-12-27 21:55:24 +01:00
}
2015-12-30 15:48:41 +01:00
$html .= buttons ([
button ( user_delete_link ( $user_source ), glyph ( 'lock' ) . _ ( " delete " ), 'btn-danger' )
]);
2014-12-27 21:55:24 +01:00
$html .= " <hr /> " ;
} else {
switch ( $_REQUEST [ 'action' ]) {
case 'save_groups' :
2016-09-29 12:45:06 +02:00
if ( $user_id != $user [ 'UID' ]) {
2014-12-28 13:44:56 +01:00
$my_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user [ 'UID' ]) . " ' ORDER BY `group_id` " );
2016-09-29 12:45:06 +02:00
$his_highest_group = sql_select ( " SELECT * FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user_id ) . " ' ORDER BY `group_id` " );
2014-12-27 21:55:24 +01:00
if ( count ( $my_highest_group ) > 0 && ( count ( $his_highest_group ) == 0 || ( $my_highest_group [ 0 ][ 'group_id' ] <= $his_highest_group [ 0 ][ 'group_id' ]))) {
2016-09-29 12:45:06 +02:00
$groups_source = sql_select ( " SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = ' " . sql_escape ( $user_id ) . " ') WHERE `Groups`.`UID` >= ' " . sql_escape ( $my_highest_group [ 0 ][ 'group_id' ]) . " ' ORDER BY `Groups`.`Name` " );
2016-09-29 10:53:17 +02:00
$groups = [];
$grouplist = [];
2014-12-27 21:55:24 +01:00
foreach ( $groups_source as $group ) {
$groups [ $group [ 'UID' ]] = $group ;
$grouplist [] = $group [ 'UID' ];
}
2013-12-28 03:02:51 +01:00
2016-09-29 10:53:17 +02:00
if ( ! is_array ( $_REQUEST [ 'groups' ])) {
$_REQUEST [ 'groups' ] = [];
}
2014-12-27 21:55:24 +01:00
2016-09-29 12:45:06 +02:00
sql_query ( " DELETE FROM `UserGroups` WHERE `uid`=' " . sql_escape ( $user_id ) . " ' " );
2016-09-29 10:53:17 +02:00
$user_groups_info = [];
2014-12-27 21:55:24 +01:00
foreach ( $_REQUEST [ 'groups' ] as $group ) {
if ( in_array ( $group , $grouplist )) {
2016-09-29 12:45:06 +02:00
sql_query ( " INSERT INTO `UserGroups` SET `uid`=' " . sql_escape ( $user_id ) . " ', `group_id`=' " . sql_escape ( $group ) . " ' " );
2014-12-27 21:55:24 +01:00
$user_groups_info [] = $groups [ $group ][ 'Name' ];
2012-12-26 19:53:27 +01:00
}
2012-12-01 11:49:16 +01:00
}
2016-09-29 12:45:06 +02:00
$user_source = User ( $user_id );
2014-12-27 21:55:24 +01:00
engelsystem_log ( " Set groups of " . User_Nick_render ( $user_source ) . " to: " . join ( " , " , $user_groups_info ));
$html .= success ( " Benutzergruppen gespeichert. " , true );
2012-12-01 11:49:16 +01:00
} else {
2014-12-27 21:55:24 +01:00
$html .= error ( " Du kannst keine Engel mit mehr Rechten bearbeiten. " , true );
2012-12-01 11:49:16 +01:00
}
2014-12-27 21:55:24 +01:00
} else {
$html .= error ( " Du kannst Deine eigenen Rechte nicht bearbeiten. " , true );
}
break ;
case 'save' :
$force_active = $user [ 'force_active' ];
2016-09-29 10:53:17 +02:00
if ( in_array ( 'admin_active' , $privileges )) {
2014-12-27 21:55:24 +01:00
$force_active = $_REQUEST [ 'force_active' ];
2016-09-29 10:53:17 +02:00
}
2014-12-27 21:55:24 +01:00
$SQL = " UPDATE `User` SET
2013-12-28 03:13:48 +01:00
`Nick` = '" . sql_escape($_POST["eNick"]) . "' ,
`Name` = '" . sql_escape($_POST["eName"]) . "' ,
`Vorname` = '" . sql_escape($_POST["eVorname"]) . "' ,
`Telefon` = '" . sql_escape($_POST["eTelefon"]) . "' ,
`Handy` = '" . sql_escape($_POST["eHandy"]) . "' ,
`Alter` = '" . sql_escape($_POST["eAlter"]) . "' ,
`DECT` = '" . sql_escape($_POST["eDECT"]) . "' ,
2016-12-27 13:10:18 +01:00
" . ( $user_source['email_by_human_allowed'] ? " `email` = '" . sql_escape($_POST["eemail"]) . "' " : " " ) . "
2013-12-28 03:13:48 +01:00
`jabber` = '" . sql_escape($_POST["ejabber"]) . "' ,
`Size` = '" . sql_escape($_POST["eSize"]) . "' ,
`Gekommen` = '" . sql_escape($_POST["eGekommen"]) . "' ,
`Aktiv` = '" . sql_escape($_POST["eAktiv"]) . "' ,
`force_active` = " . sql_escape( $force_active ) . " ,
`Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "' ,
`Hometown` = '" . sql_escape($_POST["Hometown"]) . "'
2016-09-29 12:45:06 +02:00
WHERE `UID` = '" . sql_escape($user_id) . "'
2014-12-28 13:44:56 +01:00
LIMIT 1 " ;
2014-12-27 21:55:24 +01:00
sql_query ( $SQL );
engelsystem_log ( " Updated user: " . $_POST [ " eNick " ] . " , " . $_POST [ " eSize " ] . " , arrived: " . $_POST [ " eGekommen " ] . " , active: " . $_POST [ " eAktiv " ] . " , tshirt: " . $_POST [ " eTshirt " ]);
$html .= success ( " Änderung wurde gespeichert... \n " , true );
break ;
case 'change_pw' :
if ( $_REQUEST [ 'new_pw' ] != " " && $_REQUEST [ 'new_pw' ] == $_REQUEST [ 'new_pw2' ]) {
2016-09-29 12:45:06 +02:00
set_password ( $user_id , $_REQUEST [ 'new_pw' ]);
$user_source = User ( $user_id );
2014-12-27 21:55:24 +01:00
engelsystem_log ( " Set new password for " . User_Nick_render ( $user_source ));
$html .= success ( " Passwort neu gesetzt. " , true );
} else {
$html .= error ( " Die Eingaben müssen übereinstimmen und dürfen nicht leer sein! " , true );
}
break ;
2012-12-01 11:49:16 +01:00
}
}
2014-09-28 14:50:08 +02:00
2016-09-29 10:53:17 +02:00
return page_with_title ( _ ( " Edit user " ), [
2014-09-28 14:50:08 +02:00
$html
2016-09-29 10:53:17 +02:00
]);
2011-06-03 06:40:29 +02:00
}
2011-09-14 23:11:15 +02:00
?>