<?php
/*=====================================================================*\
|| ################################################################### ||
|| # BugStrike [#]version[#]
|| # --------------------------------------------------------------- # ||
|| # Copyright Š2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
|| # This file may not be reproduced in any way without permission.  # ||
|| # --------------------------------------------------------------- # ||
|| # User License Agreement at http://www.iris-studios.com/license/  # ||
|| ################################################################### ||
\*=====================================================================*/

require_once('./global.php');

if (!can_perform('canadminusers'))
{
	admin_login();
}

// ###################################################################

if (empty($_REQUEST['do']))
{
	$_REQUEST['do'] = 'modify';
}

// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
	$user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
	if (!$user)
	{
		$admin->error($lang->getlex('error_invalid_id'));
	}
	
	if ($user['userid'] == $bugsys->userinfo['userid'])
	{
		$admin->error($lang->string('You cannot delete your own account!'));
	}
	
	if ($user['usergroupid'] == 6)
	{
		$count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "user WHERE usergroupid = 6 AND userid <> $user[userid]");
		if ($count['count'] < 1)
		{
			$admin->error($lang->string('At least one other administrator needs to be present before you can delete this user'));
		}
	}
	
	$db->query("DELETE FROM user WHERE userid = $user[userid]");
	$db->query("DELETE FROM favourite WHERE userid = $user[userid]");
	$db->query("DELETE FROM useractivation WHERE userid = $user[userid]");
	
	$admin->redirect('user.php');
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
	$admin->page_confirm($lang->string('Are you sure you want to delete this user?'), 'user.php?do=kill&amp;userid=' . intval($bugsys->in['userid']));
}

// ###################################################################

if ($_POST['do'] == 'insert')
{
	$salt = $funct->rand(15);
	
	$db->query("
		INSERT INTO " . TABLE_PREFIX . "user
			(email, displayname, password, salt, authkey, showemail, languageid, usergroupid, timezone)
		VALUES
			('" . $bugsys->in['email'] . "',
			'" . $bugsys->in['displayname'] . "',
			'" . md5(md5($bugsys->in['password']) . md5($salt)) . "',
			'$salt',
			'" . $funct->rand() . "',
			" . intval($bugsys->in['showemail']) . ",
			" . intval($bugsys->in['languageid']) . ",
			" . intval($bugsys->in['usergroupid']) . ",
			" . intval($bugsys->in['timezone']) . "
		)"
	);
	
	$admin->redirect('user.php?do=edit&userid=' . $db->insert_id());
}

// ###################################################################

if ($_POST['do'] == 'update')
{
	$user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
	if (!$user)
	{
		$admin->error($lang->getlex('error_invalid_id'));
	}
	
	$db->query("
		UPDATE " . TABLE_PREFIX . "user
		SET displayname = '" . $bugsys->in['displayname'] . "',
			email = '" . $bugsys->in['email'] . "',
			usergroupid = " . intval($bugsys->in['usergroupid']) . ",
			languageid = " . intval($bugsys->in['languageid']) . ",
			timezone = " . intval($bugsys->in['timezone']) . ($bugsys->in['password'] ? ",
			password = '" . md5(md5($bugsys->in['password']) . md5($user['salt'])) . "'" : '') . "
		WHERE userid = $user[userid]"
	);
	
	$admin->redirect('user.php?do=edit&userid=' . $user['userid']);
}

// ###################################################################

if ($_REQUEST['do'] == 'edit' OR $_REQUEST['do'] == 'add')
{
	$add = ($_REQUEST['do'] == 'add');
	$edit = (!$add);
	
	if ($edit)
	{
		$user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
		if (!$user)
		{
			$admin->error($lang->getlex('error_invalid_id'));
		}
	}
		
	$admin->page_start(($add ? $lang->string('Add User') : $lang->string('Edit User')));
	
	$admin->form_start('user.php', ($add ? 'insert' : 'update'));
	
	if ($edit)
	{
		$admin->form_hidden_field('userid', $user['userid']);
	}
	
	$admin->table_start();
	
	$admin->table_head(($add ? $lang->string('Add User') : sprintf($lang->string('Edit User (userid: %1$s)'), $user['userid'])));
	
	$admin->row_input($lang->string('Display Name'), 'displayname', $user['displayname']);
	$admin->row_input($lang->string('Email'), 'email', $user['email']);
	$admin->row_input(($add ? $lang->string('Password') : $lang->string('Password (Leave blank for no change)')), 'password');
	
	foreach ($bugsys->datastore['usergroup'] AS $group)
	{
		$admin->list_item($group['title'], $group['usergroupid'], ($user['usergroupid'] == $group['usergroupid']));
	}
	$admin->row_list($lang->string('Usergroup'), 'usergroupid');
	
	$admin->row_yesno($lang->string('Show Email Publicly'), 'showemail', $user['showemail']);
	
	foreach ($bugsys->datastore['language'] AS $language)
	{
		$admin->list_item($language['title'], $language['languageid'], ($user['languageid'] == $language['languageid']));
	}
	$admin->row_list($lang->string('Language'), 'languageid');
	
	foreach ($datef->fetch_timezone_list() AS $value => $string)
	{
		$admin->list_item($string, $value, ($user['timezone'] == $value));
	}
	$admin->row_list($lang->string('Timezone'), 'timezone');
	
	$admin->row_submit(($edit ? '<a href="user.php?do=delete&amp;userid=' . $user['userid'] . '">[' . $lang->string('Delete') . ']</a>' : ''), ':save:', ':reset:', 4);
	
	$admin->table_end();
	$admin->form_end();
	
	$admin->page_end();
}

// ###################################################################

if ($_REQUEST['do'] == 'search')
{
	$fail = false;
	
	if (is_numeric($bugsys->in['userdata']))
	{
		if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userdata'])))
		{
			header('Location: user.php?do=edit&userid=' . intval($bugsys->in['userdata']));
		}
		else
		{
			$fail = true;
		}
	}
	else
	{
		$bugsys->in['userdata'] = str_replace('%', '\%', $bugsys->in['userdata']);
		$results = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . $bugsys->in['userdata'] . "%' OR displayname LIKE '%" . $bugsys->in['userdata'] . "%'");
		
		if ($db->num_rows($results) < 1)
		{
			$fail = true;
		}
		else
		{
			$admin->page_start($lang->string('Search Results'));
			
			$admin->table_start();
			$admin->table_head($lang->string('Search Results'), 4);
			$admin->table_column_head(array($lang->string('Display Name'), $lang->string('Email'), $lang->string('User ID'), $lang->string('Actions')));
			
			while ($row = $db->fetch_array($results))
			{
				$admin->row_multi_item(array(
					$row['displayname'] => 'l',
					$row['email'] => 'c',
					$row['userid'] => 'c',
					'<a href="user.php?do=edit&amp;userid=' . $row['userid'] . '">[' . $lang->string('Edit') . ']</a>' => 'c'
				));
			}
			
			$admin->table_end();
			
			$admin->page_end();
		}
	}
	
	if ($fail)
	{
		$admin->error($lang->string('Sorry, we could not find any users that matched your criteria.'));
	}
}

// ###################################################################

if ($_REQUEST['do'] == 'modify')
{
	$admin->page_start($lang->string('User Search'));
	
	$admin->form_start('user.php', 'search');
	$admin->table_start(true, '45%');
	
	$admin->table_head($lang->string('User Search'));
	$admin->row_input($lang->string('Display Name/Email/User ID'), 'userdata');
	
	$admin->row_submit('', ':save:', '');
	
	$admin->table_end();
	$admin->form_end();
	
	$admin->page_end();
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>