query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
if (!$user)
{
$admin->error($lang->getlex('error_invalid_id'));
}
if ($user['userid'] == $bugsys->userinfo['userid'])
{
$admin->error($lang->string('You cannot delete your own account!'));
}
if ($user['usergroupid'] == 6)
{
$count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "user WHERE usergroupid = 6 AND userid <> $user[userid]");
if ($count['count'] < 1)
{
$admin->error($lang->string('At least one other administrator needs to be present before you can delete this user'));
}
}
$db->query("DELETE FROM " . TABLE_PREFIX . "user WHERE userid = $user[userid]");
$db->query("DELETE FROM " . TABLE_PREFIX . "favourite WHERE userid = $user[userid]");
$db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $user[userid]");
$admin->redirect('user.php');
}
// ###################################################################
if ($_REQUEST['do'] == 'delete')
{
    // Confirmation step only: nothing is deleted by this branch. The user id
    // is forced to an integer before it is placed in the follow-up URL.
    // NOTE(review): the follow-up action (do=kill) and its user id travel in a
    // URL. The condition guarding the kill handler is not visible in this part
    // of the file -- confirm it only acts on a confirmed POST (ideally with an
    // anti-CSRF token), because that handler removes accounts.
    $killUrl = 'user.php?do=kill&userid=' . intval($bugsys->in['userid']);
    $admin->page_confirm($lang->string('Are you sure you want to delete this user?'), $killUrl);
}
// ###################################################################
if ($_POST['do'] == 'insert')
{
    // Creates a user row from the posted add-user form, rebuilds the
    // assigned-to data, then redirects to the edit page of the new user.
    $salt = $funct->rand(15);

    // Column values in the same order as the column list below. Numeric
    // settings are forced to integers with intval().
    // NOTE(review): email and displayname are concatenated into the statement
    // as quoted strings. This is only safe if $bugsys->in is already escaped
    // for SQL when it is populated -- that code is not visible here; confirm,
    // or switch to the database layer's escaping / bound parameters.
    // NOTE(review): the stored password is md5(md5(password) . md5(salt)).
    // MD5 is a fast hash and unsuited to password storage; moving to
    // password_hash()/password_verify() has to be coordinated with the login
    // code that verifies this format, which is outside this view.
    $values = array(
        "'" . $bugsys->in['email'] . "'",
        "'" . $bugsys->in['displayname'] . "'",
        "'" . md5(md5($bugsys->in['password']) . md5($salt)) . "'",
        "'" . $salt . "'",
        "'" . $funct->rand() . "'",
        intval($bugsys->in['showemail']),
        intval($bugsys->in['showcolours']),
        intval($bugsys->in['languageid']),
        intval($bugsys->in['usergroupid']),
        intval($bugsys->in['timezone'])
    );

    $db->query(
        "\nINSERT INTO " . TABLE_PREFIX . "user"
        . "\n(email, displayname, password, salt, authkey, showemail, showcolours, languageid, usergroupid, timezone)"
        . "\nVALUES"
        . "\n(" . implode(",\n", $values) . "\n)"
    );

    build_assignedto();

    $admin->redirect('user.php?do=edit&userid=' . $db->insert_id());
}
// ###################################################################
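if ($_POST['do'] == 'update')
{
    // Saves the posted edit-user form for an existing account, rebuilds the
    // assigned-to data, then redirects back to that user's edit page.

    // Load the row first: it proves the id exists and supplies the stored salt
    // needed to re-hash a changed password.
    $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
    if (!$user)
    {
        $admin->error($lang->getlex('error_invalid_id'));
    }

    // The password column is only touched when a new password was submitted.
    // The comparison is against the empty string rather than a truthiness
    // test, so that a submitted value of "0" is not mistaken for "left blank".
    // NOTE(review): md5(md5(password) . md5(salt)) is a fast hash and unsuited
    // to password storage; changing it has to be coordinated with the login
    // code that verifies this format, which is outside this view.
    $passwordSql = '';
    if (isset($bugsys->in['password']) && $bugsys->in['password'] !== '')
    {
        $passwordSql = ",
            password = '" . md5(md5($bugsys->in['password']) . md5($user['salt'])) . "'";
    }

    // showemail is written here as well: the edit form posts it and the insert
    // handler stores it, so leaving it out silently discarded any change to
    // "Show Email Publicly" made on this form.
    // NOTE(review): displayname and email are concatenated into the statement
    // as quoted strings. This is only safe if $bugsys->in is already escaped
    // for SQL when it is populated -- that code is not visible here; confirm,
    // or switch to the database layer's escaping / bound parameters.
    $db->query("
        UPDATE " . TABLE_PREFIX . "user
        SET displayname = '" . $bugsys->in['displayname'] . "',
            email = '" . $bugsys->in['email'] . "',
            showemail = " . intval($bugsys->in['showemail']) . ",
            showcolours = " . intval($bugsys->in['showcolours']) . ",
            usergroupid = " . intval($bugsys->in['usergroupid']) . ",
            languageid = " . intval($bugsys->in['languageid']) . ",
            timezone = " . intval($bugsys->in['timezone']) . $passwordSql . "
        WHERE userid = " . intval($user['userid'])
    );

    build_assignedto();

    $admin->redirect('user.php?do=edit&userid=' . $user['userid']);
}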
// ###################################################################
if ($_REQUEST['do'] == 'edit' || $_REQUEST['do'] == 'add')
{
    // One form serves both modes: "add" posts to the insert handler, "edit"
    // posts to the update handler and carries the user id in a hidden field.
    $add = ($_REQUEST['do'] == 'add');
    $edit = !$add;

    if ($edit)
    {
        // The id is forced to an integer before it reaches the query.
        $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
        if (!$user)
        {
            $admin->error($lang->getlex('error_invalid_id'));
        }
    }

    if ($add)
    {
        $admin->page_start($lang->string('Add User'), 2, 'user_manage');
        $admin->form_start('user.php', 'insert');
    }
    else
    {
        $admin->page_start($lang->string('Edit User'), 2, 'user_manage');
        $admin->form_start('user.php', 'update');
        $admin->form_hidden_field('userid', $user['userid']);
    }

    $admin->table_start();
    if ($edit)
    {
        $admin->table_head(sprintf($lang->string('Edit User (userid: %1$s)'), $user['userid']));
    }
    else
    {
        $admin->table_head($lang->string('Add User'));
    }

    // In add mode this block never assigns $user, so the $user[...] reads
    // below are not given a value here (unless $user is set earlier in the
    // file, which is not visible).
    // NOTE(review): stored displayname and email values are handed to the form
    // helpers as-is; presumably the helpers or the input layer HTML-escape
    // them -- confirm, since these fields are user-controlled.
    $admin->row_input($lang->string('Display Name'), 'displayname', $user['displayname']);
    $admin->row_input($lang->string('Email'), 'email', $user['email']);

    // The password field is never pre-filled; on edit, a blank value means
    // "keep the current password".
    if ($add)
    {
        $admin->row_input($lang->string('Password'), 'password');
    }
    else
    {
        $admin->row_input($lang->string('Password (Leave blank for no change)'), 'password');
    }

    // Usergroup selector, with the user's current group marked as selected.
    foreach ($bugsys->datastore['usergroup'] AS $group)
    {
        $isCurrentGroup = ($user['usergroupid'] == $group['usergroupid']);
        $admin->list_item($group['title'], $group['usergroupid'], $isCurrentGroup);
    }
    $admin->row_list($lang->string('Usergroup'), 'usergroupid');

    $admin->row_yesno($lang->string('Show Email Publicly'), 'showemail', $user['showemail']);
    $admin->row_yesno($lang->string('Show Status Colours on Bug Listings'), 'showcolours', $user['showcolours']);

    // Language selector.
    foreach ($bugsys->datastore['language'] AS $language)
    {
        $isCurrentLanguage = ($user['languageid'] == $language['languageid']);
        $admin->list_item($language['title'], $language['languageid'], $isCurrentLanguage);
    }
    $admin->row_list($lang->string('Language'), 'languageid');

    // Timezone selector; the list maps each stored value to its label.
    foreach ($datef->fetch_timezone_list() AS $value => $string)
    {
        $isCurrentTimezone = ($user['timezone'] == $value);
        $admin->list_item($string, $value, $isCurrentTimezone);
    }
    $admin->row_list($lang->string('Timezone'), 'timezone');

    // The extra "[Delete]" control is only offered when editing an existing user.
    $admin->row_submit(($edit ? '[' . $lang->string('Delete') . ']' : ''), ':save:', ':reset:', 4);
    $admin->table_end();
    $admin->form_end();
    $admin->page_end();
}
// ###################################################################
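if ($_REQUEST['do'] == 'search')
{
    // User lookup. A numeric term is treated as a user id and redirects
    // straight to that user's edit page; any other term is matched as a
    // substring of the email address or display name and listed in a table.
    $fail = false;

    if (is_numeric($bugsys->in['userdata']))
    {
        // The id is forced to an integer both in the query and in the redirect
        // target, so the raw search term never reaches either.
        if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userdata'])))
        {
            header('Location: user.php?do=edit&userid=' . intval($bugsys->in['userdata']));
            // Stop here so nothing further runs or is sent after the redirect header.
            exit;
        }
        else
        {
            $fail = true;
        }
    }
    else
    {
        // Neutralise both LIKE wildcards so the term is matched literally:
        // "%" matches any run of characters and "_" matches any single one.
        $bugsys->in['userdata'] = str_replace(array('%', '_'), array('\%', '\_'), $bugsys->in['userdata']);

        // NOTE(review): the term is concatenated into the statement inside
        // quotes. Only the LIKE wildcards are handled here; this is safe only
        // if $bugsys->in is already escaped for SQL when it is populated --
        // that code is not visible here; confirm, or use the database layer's
        // escaping / bound parameters.
        $results = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . $bugsys->in['userdata'] . "%' OR displayname LIKE '%" . $bugsys->in['userdata'] . "%'");
        if ($db->num_rows($results) < 1)
        {
            $fail = true;
        }
        else
        {
            $admin->page_start($lang->string('Search Results'));
            $admin->table_start();
            $admin->table_head($lang->string('Search Results'), 4);
            $admin->table_column_head(array($lang->string('Display Name'), $lang->string('Email'), $lang->string('User ID'), $lang->string('Actions')));
            while ($row = $db->fetch_array($results))
            {
                // Each array key is the cell content and each value its
                // alignment code.
                // NOTE(review): displayname and email are user-controlled and
                // are passed through as-is; presumably they are stored
                // HTML-escaped or the helper escapes them -- confirm.
                $admin->row_multi_item(array(
                    $row['displayname'] => 'l',
                    $row['email'] => 'c',
                    $row['userid'] => 'c',
                    '[' . $lang->string('Edit') . ']' => 'c'
                ));
            }
            $admin->table_end();
            $admin->page_end();
        }
    }

    if ($fail)
    {
        $admin->error($lang->string('Sorry, we could not find any users that matched your criteria.'));
    }
}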
// ###################################################################
// Entry screen for user management: draws a one-field search form.
// The field is named 'userdata', which is the value the search handler reads
// from $bugsys->in['userdata'].
if ($_REQUEST['do'] == 'modify')
{
$admin->page_start($lang->string('User Search'));
// Second argument is presumably the `do` action the form submits, as with the
// 'insert' / 'update' values passed by the add/edit form -- confirm in form_start().
$admin->form_start('user.php', 'search');
$admin->table_start(true, '45%');
$admin->table_head($lang->string('User Search'), 2, 'user_manage');
// One free-text input accepts a name, an email address or a numeric user id.
$admin->row_input($lang->string('Name/Email/ID'), 'userdata');
$admin->row_submit('', ':save:', '');
$admin->table_end();
$admin->form_end();
$admin->page_end();
}
/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>