00001 <?php
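// Direct-access guard: the rest of this file runs only when the including
// script has defined __PRAGYAN_CMS (presumably the CMS entry point - confirm).
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed with </h1>; the original opened a second <h1>.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE is not set by every web server, and where it is set it
    // can reveal the server software and version to an unauthenticated client.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}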
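/**
 * Builds the landing form of the user-administration screen.
 *
 * The form offers one "display this column" checkbox per users-table field and
 * per extra column returned by getColumnList(), the view / edit / export
 * buttons for all, activated and non-activated users, and the search, create,
 * activate-all and deactivate-all actions. It posts to
 * ./+admin&subaction=useradmin.
 *
 * NOTE(review): the form triggers state-changing bulk actions and no
 * anti-CSRF token is emitted here - confirm the request dispatcher protects
 * these POSTs against cross-site request forgery.
 *
 * @return string HTML of the form
 */
function userManagementForm()
{
    global $ICONS, $ICONS_SRC;
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

    // The loop counters in the two script functions are declared with "var" so
    // they no longer leak into the page's global scope.
    $usermgmtform = <<<USERFORM
<script type='text/javascript' language='javascript'>
function checkAll(formobj)
{
for(var i=0;i<formobj.elements.length;i++)
{

if(formobj.elements[i].type=='checkbox') formobj.elements[i].checked=true;
}
}
function unCheckAll(formobj)
{
for(var i=0;i<formobj.elements.length;i++)
{

if(formobj.elements[i].type=='checkbox') formobj.elements[i].checked=false;
}
}
</script>
<form name='user_mgmt_form' action='./+admin&subaction=useradmin' method='POST'>
<fieldset>
<legend>{$ICONS['User Management']['small']}User Management</legend>

Select Fields to Display : <input type='button' onclick='return checkAll(this.form);' value='Check All' /><input type='button' onclick='return unCheckAll(this.form);' value='Uncheck All' />
<table><tr><td>Field Name</td><td>Display ?</td><td>Field Name</td><td>Display ?</td><td>Field Name</td><td>Display ?</td></tr>
USERFORM;

    // One lookup serves both the keys (used in the checkbox names) and the
    // display names; the original called getColumnList() twice.
    $extraColumns = getColumnList(0, false, false, false, false, false);
    $xcolumnNames = array_keys($extraColumns);
    $xcolumnPrettyNames = array_values($extraColumns);
    $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames);
    $userfieldprettynames = array_merge(
        array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"),
        array_map('ucfirst', $xcolumnPrettyNames)
    );

    $cols = 3;
    $fieldCount = count($usertablefields);
    for ($i = 0; $i < $fieldCount; $i += $cols) {
        $usermgmtform .= "<tr>";
        for ($j = 0; $j < $cols && $i + $j < $fieldCount; $j++) {
            $field = $usertablefields[$i + $j];

            // After the first submission the posted selection is kept;
            // before it, three columns are pre-selected.
            $checked = "";
            if (isset($_POST['not_first_time'])) {
                $checked = isset($_POST[$field . '_sel']) ? "checked" : "";
            } else if ($field == "user_fullname" || $field == "user_email" || $field == "user_activated") {
                $checked = "checked";
            }

            // Extra-column keys and names come from stored form definitions, so
            // they are HTML-escaped before being placed in markup. A single-byte
            // charset is named so that no byte sequence is rejected as malformed.
            $label = isset($userfieldprettynames[$i + $j])
                ? htmlspecialchars($userfieldprettynames[$i + $j], ENT_QUOTES, 'ISO-8859-1', false)
                : '';
            $inputName = htmlspecialchars($field . '_sel', ENT_QUOTES, 'ISO-8859-1');

            $usermgmtform .= "<td>{$label}</td><td><input type='checkbox' name='{$inputName}' $checked /></td>";
        }
        $usermgmtform .= "</tr>";
    }

    $usermgmtform .= <<<USERFORM
<input type='hidden' name='not_first_time' />
</table>
<fieldset style="float:left;">
<legend>All Registered</legend>
<input type='submit' value='View' name='view_reg_users'/>
<input type='submit' value='Edit' name='edit_reg_users'/>
<input type='submit' value='Save as Excel' name='save_reg_users_excel'/>
</fieldset>
<fieldset style="float:left;">
<legend>Activated Users</legend>
<input type='submit' value='View' name='view_activated_users'/>
<input type='submit' value='Edit' name='edit_activated_users'/>
<input type='submit' value='Save as Excel' name='save_activated_users_excel'/>
</fieldset>
<fieldset style="float:left;">
<legend>Non-Activated Users</legend>
<input type='submit' value='View' name='view_nonactivated_users'/>
<input type='submit' value='Edit' name='edit_nonactivated_users'/>
<input type='submit' value='Save as Excel' name='save_nonactivated_users_excel'/>
</fieldset>
<div style="clear:both"></div>
<hr/>
<table class='iconspanel'>
<tr>
<td>
<input type="image" alt="Search User" src='{$ICONS_SRC['Search']['large']}' onclick="this.form.action+='&subsubaction=search'" value="Search User" /><br/>Search User
</td>
<td>
<input type="image" alt="New User" src='{$ICONS_SRC['New User']['large']}' onclick="this.form.action+='&subsubaction=create'" value="New User" /><br/>New User
</td>
<td>
<input type='image' alt="Deactivate All Users" src='{$ICONS_SRC['Deactivate']['large']}' value='Deactivate All' name='deactivate_all_users'/><br/>Deactivate All Users
</td>
<td>
<input type='image' alt="Activate All Users" src='{$ICONS_SRC['Activate']['large']}' value='Activate All' name='activate_all_users'/><br/>Activate All Users
</td>
</tr>
</table>
</fieldset>


</form>
USERFORM;

    return $usermgmtform;
}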
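/**
 * Handles every request of the user-administration screen.
 *
 * Depending on which button was posted (or which subsubaction is in the query
 * string) it activates, deactivates or deletes users, updates or creates a
 * user record, runs a user search, or returns one of the user listings.
 *
 * Security-relevant points of this implementation:
 *  - Every user id taken from the request (the userid query parameter and the
 *    "selected_<id>" checkbox names) is cast to int before it reaches SQL, so
 *    the administrator guard and the statement always see the same value.
 *    The mysql_* API used by this file has no prepared statements; text values
 *    go through escape() and are always placed inside quotes.
 *  - A changed password is hashed in PHP and only the hex digest is put into
 *    the statement; the original interpolated the posted password itself.
 *  - Failed statements are no longer echoed back to the page.
 *  - NOTE(review): passwords are stored as unsalted MD5, which is not a
 *    suitable password hash. The format is kept because the code that
 *    verifies logins is not visible here; migrate both sides together
 *    (password_hash()/password_verify()).
 *  - NOTE(review): no permission check and no anti-CSRF token check happen in
 *    this function - confirm both are enforced before it is called.
 *
 * @return string|null HTML for the page body; null after the activate-all and
 *                     deactivate-all actions and when no action matched
 */
function handleUserMgmt()
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

    $usersTable = MYSQL_DATABASE_PREFIX . "users";
    $openidTable = MYSQL_DATABASE_PREFIX . "openid_users";
    $coreFieldLabels = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
    $coreFields = array('user_id', 'user_name', 'user_email', 'user_fullname', 'user_password', 'user_lastlogin', 'user_regdate', 'user_activated', 'user_loginmethod');

    // The id is used unquoted in several statements, where string escaping
    // gives no protection; an integer cast does. The bulk buttons send -1.
    if (isset($_GET['userid'])) {
        $_GET['userid'] = is_scalar($_GET['userid']) ? (int) $_GET['userid'] : 0;
    }
    $requestUserId = isset($_GET['userid']) ? $_GET['userid'] : 0;

    if (isset($_POST['editusertype'])) {
        $_POST['editusertype'] = escape($_POST['editusertype']);
    }
    $listType = isset($_POST['editusertype']) ? $_POST['editusertype'] : 'all';

    // Ids of the rows ticked in the edit listing (checkboxes named selected_<id>).
    $selectedIds = array();
    foreach ($_POST as $key => $var) {
        if (substr($key, 0, 9) == "selected_") {
            $selectedIds[] = (int) substr($key, 9);
        }
    }

    // ---- bulk actions on the ticked rows --------------------------------
    if (isset($_POST['user_selected_activate'])) {
        foreach ($selectedIds as $selectedId) {
            if (!mysql_query("UPDATE `{$usersTable}` SET user_activated=1 WHERE user_id='{$selectedId}'")) {
                $result = mysql_query("SELECT `user_fullname` FROM `{$usersTable}` WHERE `user_id`='{$selectedId}'");
                if ($result) {
                    $row = mysql_fetch_assoc($result);
                    displayerror("Couldn't activate user, {$row['user_fullname']}");
                }
            }
        }
        return registeredUsersList($listType, "edit", false);
    }

    if (isset($_POST['user_selected_deactivate'])) {
        foreach ($selectedIds as $selectedId) {
            if ($selectedId == ADMIN_USERID) {
                displayerror("You cannot deactivate administrator!");
                continue;
            }
            if (!mysql_query("UPDATE `{$usersTable}` SET user_activated=0 WHERE user_id='{$selectedId}'")) {
                $result = mysql_query("SELECT `user_fullname` FROM `{$usersTable}` WHERE `user_id`='{$selectedId}'");
                if ($result) {
                    $row = mysql_fetch_assoc($result);
                    displayerror("Couldn't deactivate user, {$row['user_fullname']}");
                }
            }
        }
        return registeredUsersList($listType, "edit", false);
    }

    if (isset($_POST['user_selected_delete'])) {
        $done = true;
        foreach ($selectedIds as $selectedId) {
            if ($selectedId == ADMIN_USERID) {
                displayerror("You cannot delete administrator!");
                continue;
            }
            if (mysql_query("DELETE FROM `{$usersTable}` WHERE `user_id` = '{$selectedId}'")) {
                if (!mysql_query("DELETE FROM `{$openidTable}` WHERE `user_id` = '{$selectedId}'")) {
                    $done = false;
                }
            } else {
                $done = false;
            }
        }
        if (!$done) {
            displayerror("Some problem in deleting selected users");
        }
        return registeredUsersList($listType, "edit", false);
    }

    // ---- single-user and all-user actions -------------------------------
    if (isset($_POST['user_activate'])) {
        if (mysql_query("UPDATE `{$usersTable}` SET user_activated=1 WHERE user_id={$requestUserId}")) {
            displayInfo("User Successfully Activated!");
        } else {
            displayerror("User Not Activated!");
        }
        return registeredUsersList($listType, "edit", false);
    }

    if (isset($_POST['activate_all_users'])) {
        if (mysql_query("UPDATE `{$usersTable}` SET user_activated=1")) {
            displayInfo("All users activated successfully!");
        } else {
            // The original reported "Users Not Deactivated!" for this failure.
            displayerror("Users Not Activated!");
        }
        return;
    }

    if (isset($_POST['user_deactivate'])) {
        if ($requestUserId == ADMIN_USERID) {
            displayError("You cannot deactivate administrator!");
            return registeredUsersList($listType, "edit", false);
        }
        if (mysql_query("UPDATE `{$usersTable}` SET user_activated=0 WHERE user_id={$requestUserId}")) {
            displayInfo("User Successfully Deactivated!");
        } else {
            displayerror("User Not Deactivated!");
        }
        return registeredUsersList($listType, "edit", false);
    }

    if (isset($_POST['deactivate_all_users'])) {
        if (mysql_query("UPDATE `{$usersTable}` SET user_activated=0 WHERE user_id != " . ADMIN_USERID)) {
            displayInfo("All users deactivated successfully except Administrator!");
        } else {
            displayerror("Users Not Deactivated!");
        }
        return;
    }

    if (isset($_POST['user_delete'])) {
        $userId = $requestUserId;
        if ($userId == ADMIN_USERID) {
            displayError("You cannot delete administrator!");
            return registeredUsersList($listType, "edit", false);
        }
        if (mysql_query("DELETE FROM `{$usersTable}` WHERE `user_id` = {$userId}")) {
            if (mysql_query("DELETE FROM `{$openidTable}` WHERE `user_id` = {$userId}")) {
                displayinfo("User Successfully Deleted!");
            } else {
                displayerror("User not deleted from OpenID database!");
            }
        } else {
            displayerror("User Not Deleted!");
        }
        return registeredUsersList($listType, "edit", false);
    }

    // ---- edit one user: optional update, then the edit form --------------
    if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
        $userId = $requestUserId;

        if (isset($_POST['user_info_update'])) {
            $updates = array();
            $row = mysql_fetch_assoc(mysql_query("SELECT * FROM `{$usersTable}` WHERE `user_id`={$userId}"));
            $errors = false;

            // A changed user name must not collide with an existing one.
            if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
                $chkquery = "SELECT * FROM `{$usersTable}` WHERE `user_name`='" . escape($_POST['user_name']) . "'";
                // The statement text is no longer printed: it contains request data.
                $result = mysql_query($chkquery) or die("failed : user name lookup");
                if (mysql_num_rows($result) > 0) {
                    displayerror("User Name already exists in database!");
                    $errors = true;
                }
            }

            // Plain text columns: written only when posted, non-empty and changed.
            foreach (array('user_name', 'user_email', 'user_fullname') as $column) {
                if (isset($_POST[$column]) && $_POST[$column] != '' && $_POST[$column] != $row[$column]) {
                    $updates[] = "`{$column}` = '" . escape($_POST[$column]) . "'";
                }
            }

            if (isset($_POST['user_password']) && is_string($_POST['user_password']) && $_POST['user_password'] != '') {
                $confirmation = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';
                // Strict comparison: loose comparison treats some different
                // numeric-looking strings as equal.
                if ($_POST['user_password'] !== $confirmation) {
                    displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                    $errors = true;
                } else {
                    // Hash in PHP so only a hex digest reaches the statement.
                    $passwordHash = md5($_POST['user_password']);
                    if ($passwordHash !== $row['user_password']) {
                        $updates[] = "`user_password` = '{$passwordHash}'";
                    }
                }
            }

            foreach (array('user_regdate', 'user_lastlogin') as $column) {
                if (isset($_POST[$column]) && $_POST[$column] != '' && $_POST[$column] != $row[$column]) {
                    $updates[] = "`{$column}` = '" . escape($_POST[$column]) . "'";
                }
            }

            // The administrator account's activation flag is never changed here.
            $activatedFlag = isset($_POST['user_activated']) ? 1 : 0;
            if ($userId != ADMIN_USERID && $activatedFlag != $row['user_activated']) {
                $updates[] = "`user_activated` = $activatedFlag";
            }

            if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) {
                $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'";
                if ($_POST['user_loginmethod'] != 'db') {
                    displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website.");
                }
            }

            if (!$errors) {
                if (count($updates) > 0) {
                    // join() is called with the separator first; the reversed
                    // argument order of the original is not accepted by newer PHP.
                    $profileQuery = "UPDATE `{$usersTable}` SET " . join(', ', $updates) . " WHERE `user_id` = {$userId}";
                    if (!mysql_query($profileQuery)) {
                        displayerror('An error was encountered while attempting to process your request.');
                        $errors = true;
                    }
                }
                global $sourceFolder, $moduleFolder;
                require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
                require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
                // Success is reported only when both steps worked; the original
                // also printed the success message after a failed UPDATE.
                if (!$errors) {
                    if (!submitRegistrationForm(0, $userId, true, true)) {
                        displayerror('An error was encountered while attempting to process your request.');
                        $errors = true;
                    } else {
                        displayinfo('All fields updated successfully!');
                    }
                }
            }
        }

        $row = mysql_fetch_assoc(mysql_query("SELECT * FROM `{$usersTable}` WHERE `user_id`={$userId}"));

        $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid=$userId' method='post'>";

        // Carry the column selection through this page. The selection
        // checkboxes are named after the getColumnList() keys (see
        // userManagementForm()), so keys - not display names - are used here.
        $xcolumnIds = array_keys(getColumnList(0, false, false, false, false, false));
        $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnIds);
        foreach ($usertablefields as $field) {
            if (isset($_POST[$field . '_sel'])) {
                $userinfo .= "<input type='hidden' name='" . htmlspecialchars($field . '_sel', ENT_QUOTES, 'ISO-8859-1') . "' value='checked'/>";
            }
        }
        $userinfo .= "<input type='hidden' name='not_first_time' />";

        $userinfo .= userProfileForm($coreFieldLabels, $row, false, true);
        $userinfo .= "<input type='submit' value='Update' name='user_info_update' />
<input type='reset' value='Reset' /></form></fieldset>";
        return $userinfo;
    }

    // ---- listings ---------------------------------------------------------
    if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
        return registeredUsersList("all", "view", false);
    }
    if (isset($_POST['edit_reg_users'])) {
        return registeredUsersList("all", "edit", false);
    }
    if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
        return registeredUsersList("activated", "view", false);
    }
    if (isset($_POST['edit_activated_users'])) {
        return registeredUsersList("activated", "edit", false);
    }
    if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
        return registeredUsersList("nonactivated", "view", false);
    }
    if (isset($_POST['edit_nonactivated_users'])) {
        return registeredUsersList("nonactivated", "edit", false);
    }

    // ---- search -----------------------------------------------------------
    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
        $results = "";
        $usertablefields = getTableFieldsName('users');

        // Only the two fixed joiners can reach the statement.
        $joiner = (isset($_POST['user_search_op']) && $_POST['user_search_op'] == 'and') ? " AND " : " OR ";

        // Column names come from the table definition; values are escaped and
        // always sit inside a quoted literal.
        $conditions = array();
        $lastValues = array();
        foreach ($usertablefields as $field) {
            if (isset($_POST[$field]) && is_string($_POST[$field]) && $_POST[$field] != '') {
                // A posted activation checkbox always means "activated".
                $val = ($field == 'user_activated') ? 1 : escape($_POST[$field]);
                $lastValues[$field] = $val;
                $conditions[] = "`$field` LIKE CONVERT( _utf8 '%$val%'USING latin1 ) ";
            }
        }
        $qstring = implode($joiner, $conditions);

        if ($qstring != "") {
            $resultSearch = mysql_query("SELECT * FROM `{$usersTable}` WHERE $qstring ");
            if ($resultSearch && mysql_num_rows($resultSearch) > 0) {
                $userInfo = array();
                while ($row = mysql_fetch_assoc($resultSearch)) {
                    foreach ($coreFields as $column) {
                        $userInfo[$column][] = $row[$column];
                    }
                }
                $results = registeredUsersList("all", "edit", false, $userInfo);
            } else {
                displayerror("No users matched your query!");
            }
        }

        $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
        $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
        $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
        foreach ($usertablefields2 as $field) {
            if (isset($_POST[$field . '_sel'])) {
                $searchForm .= "<input type='hidden' name='" . htmlspecialchars($field . '_sel', ENT_QUOTES, 'ISO-8859-1') . "' value='checked'/>";
            }
        }
        $searchForm .= "<input type='hidden' name='not_first_time' />";

        // Show the previous search terms again in the form.
        $infoarray = array();
        foreach ($usertablefields as $field) {
            $infoarray[$field] = isset($lastValues[$field]) ? $lastValues[$field] : "";
        }

        $searchForm .= userProfileForm($coreFieldLabels, $infoarray, true, false);
        $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and' />AND <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
        return $results . $searchForm;
    }

    // ---- create -----------------------------------------------------------
    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
        $usertablefields = getTableFieldsName('users');

        if (isset($_POST['create_user_submit'])) {
            $incomplete = false;
            $values = array();
            foreach ($usertablefields as $field) {
                if (($field != 'user_regdate') && ($field != 'user_lastlogin') && ($field != 'user_activated') && (isset($_POST[$field]) && $_POST[$field] == "")) {
                    displayerror("New user could not be created. Some fields are missing!$field");
                    $incomplete = true;
                    break;
                }
                // Kept in an array; the original created one local variable
                // per column name.
                $values[$field] = escape(isset($_POST[$field]) ? $_POST[$field] : '');
            }

            if (!$incomplete) {
                $user_id = $requestUserId;
                $user_name = isset($values['user_name']) ? $values['user_name'] : '';
                $user_email = isset($values['user_email']) ? $values['user_email'] : '';
                $user_fullname = isset($values['user_fullname']) ? $values['user_fullname'] : '';
                $user_password = isset($values['user_password']) ? $values['user_password'] : '';
                $user_loginmethod = isset($values['user_loginmethod']) ? $values['user_loginmethod'] : '';
                $user_activated = isset($_POST['user_activated']) ? 1 : 0;

                $chkquery = "SELECT COUNT(user_id) FROM `{$usersTable}` WHERE `user_id`=$user_id OR `user_name`='$user_name' OR `user_email`='$user_email'";
                $result = mysql_query($chkquery);
                $row = mysql_fetch_row($result);

                // The two password fields are compared as posted; the original
                // compared the escaped password with the raw confirmation.
                $rawPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
                $rawConfirmation = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';

                if ($row[0] > 0) {
                    displayerror("Another user with the same name or email already exists!");
                } else if ($rawPassword !== $rawConfirmation) {
                    displayerror("Passwords mismatch!");
                } else {
                    $query = "INSERT INTO `{$usersTable}` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('$user_id' ,'$user_name' ,'$user_email' ,'$user_fullname' , MD5('$user_password') ,CURRENT_TIMESTAMP , '', '$user_activated','$user_loginmethod')";
                    // NOTE(review): a failure here prints the database error text to the page.
                    $result = mysql_query($query) or die(mysql_error());
                    global $sourceFolder, $moduleFolder;
                    require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
                    require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
                    if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) {
                        displayinfo("User $user_fullname Successfully Created!");
                    } else {
                        displayerror("Failed to create user");
                    }
                }
            }
        }

        $nextUserId = getNextUserId();
        $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid=$nextUserId' method='POST'><h3>Create New User</h3>";
        // Keys, not display names: they are what the selection checkboxes post.
        $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
        $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
        $calpath = "$urlRequestRoot/$cmsFolder/$moduleFolder";
        $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' .
            '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
        foreach ($usertablefields2 as $field) {
            if (isset($_POST[$field . '_sel'])) {
                $userForm .= "<input type='hidden' name='" . htmlspecialchars($field . '_sel', ENT_QUOTES, 'ISO-8859-1') . "' value='checked'/>";
            }
        }
        $userForm .= "<input type='hidden' name='not_first_time' />";

        $infoarray = array();
        foreach ($usertablefields as $field) {
            $infoarray[$field] = "";
        }
        $infoarray['user_id'] = $nextUserId;

        $userForm .= userProfileForm($coreFieldLabels, $infoarray, false, true);
        $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
        return $userForm;
    }
}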
/**
 * Reads every row of the users table, ordered by user_id, into nine parallel
 * arrays handed back through the reference parameters.
 *
 * Index n of each array belongs to the same user. The stored password value is
 * among the columns returned, so callers should avoid displaying or exporting
 * it unless that is really intended.
 *
 * @param array $userId          receives the user_id column
 * @param array $userName        receives the user_name column
 * @param array $userEmail       receives the user_email column
 * @param array $userFullName    receives the user_fullname column
 * @param array $userPassword    receives the user_password column
 * @param array $userLastLogin   receives the user_lastlogin column
 * @param array $userRegDate     receives the user_regdate column
 * @param array $userActivated   receives the user_activated column
 * @param array $userLoginMethod receives the user_loginmethod column
 */
function getAllUsersInfo(&$userId,&$userName,&$userEmail,&$userFullName,&$userPassword,&$userLastLogin,&$userRegDate,&$userActivated,&$userLoginMethod)
{
    $result = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` ORDER BY `user_id` ASC");

    // Whatever the caller passed in is discarded; every list starts empty.
    $userId = array();
    $userName = array();
    $userEmail = array();
    $userFullName = array();
    $userPassword = array();
    $userLastLogin = array();
    $userRegDate = array();
    $userActivated = array();
    $userLoginMethod = array();

    // Appending keeps the lists aligned: one entry per fetched row.
    while ($record = mysql_fetch_assoc($result)) {
        $userId[] = $record['user_id'];
        $userName[] = $record['user_name'];
        $userEmail[] = $record['user_email'];
        $userFullName[] = $record['user_fullname'];
        $userPassword[] = $record['user_password'];
        $userLastLogin[] = $record['user_lastlogin'];
        $userRegDate[] = $record['user_regdate'];
        $userActivated[] = $record['user_activated'];
        $userLoginMethod[] = $record['user_loginmethod'];
    }
}
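/**
 * Renders the table of users, either read-only or with per-row and bulk edit
 * controls, and streams it as a spreadsheet download when one of the
 * "Save as Excel" buttons was posted.
 *
 * Only the columns whose "<field>_sel" checkbox was posted are shown, unless
 * $allfields is true.
 *
 * Changes against the previous implementation:
 *  - Values of the users-table columns are HTML-escaped before they are put in
 *    table cells; they include data that users choose themselves.
 *  - The user name is passed to the delete confirmation through an escaped
 *    data attribute instead of being written into a script string.
 *  - $type and the field names are escaped before being used in attributes.
 *  - Extra-column data is kept in an array; the original created local
 *    variables named after the column, which could overwrite the core lists.
 *  - The Yes/No helper is declared once, so the function can be called more
 *    than once per request.
 *
 * NOTE(review): the "Password" column can be selected for display and export;
 * consider excluding the stored password value from both.
 * NOTE(review): in the spreadsheet export, cell values beginning with =, +, -
 * or @ may be treated as formulas by spreadsheet software; consider
 * neutralising them for the download.
 *
 * @param string     $type      "activated", "nonactivated", or anything else for all users
 * @param string     $act       "edit" adds the edit controls; any other value is read-only
 * @param bool       $allfields show every column regardless of the posted selection
 * @param array|null $userInfo  optional pre-fetched users as column => list of values;
 *                              when empty, all users are loaded from the database
 * @return string HTML of the listing, or "No Users Found!" when no row matched
 */
function registeredUsersList($type,$act,$allfields,$userInfo=NULL)
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    global $STARTSCRIPTS, $ICONS_SRC;
    require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

    // Extra columns: key => display name.
    $extraColumns = getColumnList(0, false, false, false, false, false);
    $xcolumnIds = array_keys($extraColumns);
    $xcolumnNames = array_values($extraColumns);

    if ($userInfo == NULL) {
        getAllUsersInfo($userId, $userName, $userEmail, $userFullName, $userPassword, $userLastLogin, $userRegDate, $userActivated, $userLoginMethod);
    } else {
        $userId = $userInfo['user_id'];
        $userName = $userInfo['user_name'];
        $userEmail = $userInfo['user_email'];
        $userFullName = $userInfo['user_fullname'];
        $userPassword = $userInfo['user_password'];
        $userLastLogin = $userInfo['user_lastlogin'];
        $userRegDate = $userInfo['user_regdate'];
        $userActivated = $userInfo['user_activated'];
        $userLoginMethod = $userInfo['user_loginmethod'];
    }

    // One list of values per extra column, filled user by user.
    $extraValues = array();
    foreach ($xcolumnIds as $position => $unusedId) {
        $extraValues[$position] = array();
    }
    foreach ($userId as $userid) {
        $xinfo = generateFormDataRow(0, $userid, $xcolumnIds);
        foreach ($xinfo as $j => $info) {
            if (isset($extraValues[$j])) {
                $extraValues[$j][] = $info;
            }
        }
    }

    $userfieldprettynames = array_merge(
        array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"),
        array_map('ucfirst', $xcolumnNames)
    );

    // Declared only once: an unconditional nested declaration is a fatal
    // "cannot redeclare" error on the second call within a request.
    if (!function_exists('replace10byYesNo')) {
        function replace10byYesNo(&$value, $key)
        {
            if ($value == '1') $value = "Yes"; else if ($value == '0') $value = "No";
        }
    }
    array_walk($userActivated, 'replace10byYesNo');

    $userlisttdids = array_merge(array("user_id", "user_name", "user_email", "user_fullname", "user_password", "user_regdate", "user_lastlogin", "user_activated", "user_loginmethod"), $xcolumnIds);

    // Column data in the same order as $userlisttdids and $userfieldprettynames.
    $coreValues = array($userId, $userName, $userEmail, $userFullName, $userPassword, $userRegDate, $userLastLogin, $userActivated, $userLoginMethod);
    $coreColumnCount = count($coreValues);
    $columnValues = array_merge($coreValues, $extraValues);

    $userlist = "";
    $columns = count($columnValues);
    if ($act == "edit") {
        $safeType = htmlspecialchars((string) $type, ENT_QUOTES, 'ISO-8859-1');
        $userlist .= "<form name='user_edit_form' method='POST' action='./+admin&subaction=useradmin&userid=' >\n";
        $userlist .= "<input type='hidden' name='editusertype' value='$safeType' />";
        $columns += 3;
    }
    $userlist .= smarttable::render(array('userstable'), null);
    $STARTSCRIPTS .= "initSmartTable();";

    $userlist .= <<<USERLIST

<script language="javascript">
function checkDelete(butt,userDel,userId)
{
if(confirm('Are you sure you want to delete '+userDel+' (User ID='+userId+')?'))
{
butt.form.action+=userId;
}
else return false;
}
function checkDeleteAll(butt) {
if(!confirm('Are you sure you want to delete all selected users?')) {
return false;
}
butt.form.action+='-1';
return true;
}
</script>
<a name='userlist'></a>
USERLIST;

    $userlisttable = "";
    if ($act == "edit") {
        // Plain double quotes are used around onclick: inside a heredoc a
        // backslash before a quote is kept literally, which would break the
        // attribute (including the delete confirmation).
        $userlisttable = <<<TABLE
<input title='Activate Selected Users' type='image' src='{$ICONS_SRC['Activate']['small']}' onclick="this.form.action+='-1'" name='user_selected_activate' value='Activate'>\n
<input title='Deactivate Selected Users' type='image' src='{$ICONS_SRC['Deactivate']['small']}' onclick="this.form.action+='-1'" name='user_selected_deactivate' value='Deactivate'>\n
<input title='Delete Selected Users' type='image' src='{$ICONS_SRC['Delete']['small']}' onclick="return checkDeleteAll(this)" name='user_selected_delete' value='Delete'>\n
TABLE;
    }
    $userlisttable .= <<<TABLE
<table class="userlisttable display" border="1" id='userstable'>
<thead>
<tr><th colspan="$columns">Users Registered on the Website</th></tr>
<tr>
TABLE;

    // Header row: one cell per selected column; in edit mode the selection is
    // also repeated as hidden inputs so it survives the next submission.
    $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnIds);
    $displayfieldsindex = array();
    $fieldCount = count($usertablefields);
    for ($i = 0; $i < $fieldCount; $i++) {
        if (isset($_POST[$usertablefields[$i] . '_sel']) || $allfields) {
            $heading = isset($userfieldprettynames[$i])
                ? htmlspecialchars($userfieldprettynames[$i], ENT_QUOTES, 'ISO-8859-1', false)
                : '';
            $userlisttable .= "<th>" . $heading . "</th>";
            if ($act == "edit") {
                $userlist .= "<input type='hidden' name='" . htmlspecialchars($usertablefields[$i] . '_sel', ENT_QUOTES, 'ISO-8859-1') . "' value='checked'/>";
            }
            $displayfieldsindex[] = $i;
        }
    }

    $userlist .= "<input type='hidden' name='not_first_time' />";

    if ($act == "edit") {
        $userlisttable .= "<th>Actions</th>";
    }
    $userlisttable .= "</tr></thead><tbody>";

    $rowclass = "oddrow";
    $flag = false;
    $userTotal = count($userId);
    for ($i = 0; $i < $userTotal; $i++) {
        if ($type == "activated" && $userActivated[$i] == "No") {
            continue;
        }
        if ($type == "nonactivated" && $userActivated[$i] == "Yes") {
            continue;
        }
        $flag = true;
        $userlisttable .= "<tr class='$rowclass'>";

        foreach ($displayfieldsindex as $j => $fieldIndex) {
            $cell = isset($columnValues[$fieldIndex][$i]) ? $columnValues[$fieldIndex][$i] : '';
            if ($fieldIndex < $coreColumnCount) {
                // A single-byte charset is named so no byte sequence is
                // rejected; already-encoded entities are not encoded twice.
                $cell = htmlspecialchars((string) $cell, ENT_QUOTES, 'ISO-8859-1', false);
            }
            // NOTE(review): extra-column values are emitted as returned by
            // generateFormDataRow(); whether that helper escapes them is not
            // visible here - confirm.
            // NOTE(review): the class is picked by display position, as in the
            // original, not by the field shown - looks unintended, confirm.
            $cellClass = htmlspecialchars((string) $userlisttdids[$j], ENT_QUOTES, 'ISO-8859-1');
            $userlisttable .= "<td class='{$cellClass}'>" . $cell . "</td>";
        }

        if ($act == "edit") {
            $rowId = (int) $userId[$i];
            $safeName = htmlspecialchars((string) $userName[$i], ENT_QUOTES, 'ISO-8859-1');
            $userlisttable .= "<td id='user_editactions'>";
            $userlisttable .= "<input type='checkbox' name='selected_{$rowId}' />";
            if ($userActivated[$i] == "No") {
                $userlisttable .= "<input title='Activate User' type='image' src='{$ICONS_SRC['Activate']['small']}' onclick=\"this.form.action+='{$rowId}'\" name='user_activate' value='Activate'>\n";
            } else {
                $userlisttable .= "<input title='Deactivate User' type='image' src='{$ICONS_SRC['Deactivate']['small']}' onclick=\"this.form.action+='{$rowId}'\" name='user_deactivate' value='Deactivate'>\n";
            }
            $userlisttable .= "<input title='Edit User' type='image' src='{$ICONS_SRC['Edit']['small']}' onclick=\"this.form.action+='{$rowId}'\" name='user_info' value='Edit'>\n";
            // The name travels in an HTML-escaped data attribute and is read
            // back by the handler, so it is never parsed as script text.
            $userlisttable .= "<input title='Delete User' type='image' src='{$ICONS_SRC['Delete']['small']}' data-username='{$safeName}' onclick=\"return checkDelete(this,this.getAttribute('data-username'),'{$rowId}')\" name='user_delete' value='Delete'>\n";
            $userlisttable .= "</td>";
        }

        $userlisttable .= "</tr>";
        $rowclass = ($rowclass == "evenrow") ? "oddrow" : "evenrow";
    }
    $userlisttable .= "</tbody></table>";

    // Spreadsheet download: the HTML table is sent as the whole response.
    if (isset($_POST['save_reg_users_excel']) || isset($_POST['save_activated_users_excel']) || isset($_POST['save_nonactivated_users_excel'])) {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/vnd.ms-excel");
        header("Content-Disposition: attachment; filename=\"users.xls\";");
        header("Content-Transfer-Encoding: binary");
        echo $userlisttable;
        exit(1);
    }

    if ($act == "edit") {
        $userlist .= $userlisttable . "</form>";
    } else {
        $userlist .= $userlisttable;
    }

    return ($flag) ? $userlist : "No Users Found!";
}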
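/**
 * Renders the rows of a user profile form as an HTML table.
 *
 * One row is produced per entry of $profileInfoRows: two password inputs for
 * user_password, a checkbox for user_activated, a select for
 * user_loginmethod, plain text for user_id and user_regdate when $editID is
 * false, and a text input for everything else. When $showProfileInfo is true
 * the dynamic registration-form fields of the user are appended.
 *
 * Field names and values are HTML-escaped before they are placed in the
 * markup; the values include data that users choose themselves. The labels
 * are emitted as given (callers in this file pass fixed strings).
 *
 * @param array $userfieldprettynames labels, in the same order as $profileInfoRows
 * @param array $profileInfoRows      field name => current value
 * @param bool  $editID               when true, user_id and user_regdate are editable inputs
 * @param bool  $showProfileInfo      when true, append the dynamic registration-form fields
 * @return string HTML table
 */
function userProfileForm($userfieldprettynames,$profileInfoRows,$editID=false,$showProfileInfo=true)
{
    $i = 0;
    $userinfo = "<table>";
    foreach ($profileInfoRows as $field => $value) {
        // Every row consumes exactly one label.
        $label = isset($userfieldprettynames[$i]) ? $userfieldprettynames[$i] : '';
        $i++;

        // A single-byte charset is named so that no byte sequence is rejected
        // as malformed, whatever encoding the stored data uses.
        $name = htmlspecialchars((string) $field, ENT_QUOTES, 'ISO-8859-1');
        $safeValue = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

        if ($field === 'user_password') {
            // The stored password value is never echoed into the form.
            $userinfo .= "<tr><td>{$label}</td><td><input type='password' name='{$name}'/></td></tr>";
            $userinfo .= "<tr><td>{$label} (Verify)</td><td><input type='password' name='{$name}2'/></td></tr>";
        } else if ($field === 'user_activated') {
            $checked = ($value == 1) ? "checked" : "";
            $userinfo .= "<tr><td>{$label}</td><td><input type='checkbox' name='{$name}' $checked /></td></tr>";
        } else if ($field === 'user_loginmethod') {
            // Only the four known methods can be marked as selected; the
            // original built a variable name from the current value.
            $selected = array('ldap' => "", 'imap' => "", 'ads' => "", 'db' => "");
            if (isset($selected[(string) $value])) {
                $selected[(string) $value] = " selected = 'selected' ";
            }
            $userinfo .= "<tr><td>{$label}</td><td><select id='{$name}' name='{$name}'>
<option></option>
<option {$selected['ldap']}>ldap</option>
<option {$selected['imap']}>imap</option>
<option {$selected['ads']}>ads</option>
<option {$selected['db']}>db</option>
</select>
</td></tr>";
        } else if (!$editID && ($field === 'user_id' || $field === 'user_regdate')) {
            $userinfo .= "<tr><td>{$label}</td><td>{$safeValue}</td></tr>";
        } else {
            $userinfo .= "<tr><td>{$label}</td><td><input type='text' name='{$name}' value='{$safeValue}'/></td></tr>";
        }
    }

    if ($showProfileInfo) {
        global $sourceFolder, $moduleFolder;
        require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
        require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
        $containsFileUploadFields = false;
        $userId = isset($profileInfoRows['user_id']) ? $profileInfoRows['user_id'] : null;
        // $jsValidationFunctions is handed over unset, as before; presumably it
        // is an output parameter of the helper - confirm.
        $dynamicFields = getFormElementsHtmlAsArray(0, $userId, $jsValidationFunctions, $containsFileUploadFields);
        // Separator first: the reversed argument order is not accepted by newer PHP.
        $dynamicFields = join("</tr>\n<tr>", $dynamicFields);
        if ($dynamicFields != '') {
            $dynamicFields = "<tr>$dynamicFields</tr>";
        }
        $userinfo .= $dynamicFields;
    }

    return $userinfo . "</table>";
}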
00807 ?>