<?php
/* Make ../lib (the shared AUR library directory) resolvable by the
 * include_once() calls that follow. */
set_include_path(implode(PATH_SEPARATOR, array(get_include_path(), '../lib')));

include_once('aur.inc.php');         # access AUR common functions
include_once('acctfuncs.inc.php');   # access Account specific functions

/* Per-request setup, both helpers defined in the includes above:
 * select the visitor's language, then validate the session cookie
 * (what check_sid() does with an invalid session is not visible here). */
set_lang();
check_sid();
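/* The requested action and, for the per-account actions, the target
 * account. ID and U come straight from the request, so looking the
 * account up is NOT an authorization decision: every branch below that
 * acts on $row still has to pass can_edit_account() (the read-only
 * AccountInfo path is the exception and only displays). */
$action = in_request("Action");

$need_userinfo = array(
	"DisplayAccount", "DeleteAccount", "AccountInfo", "UpdateAccount"
);

/* Defaults, so the handlers can test empty($row) and use $PK on any
 * request without undefined-variable notices. */
$row = array();
$PK = '';

/* Strict comparison: $action has to be exactly one of the strings above. */
if (in_array($action, $need_userinfo, true)) {
	/* account_details() comes from acctfuncs.inc.php; presumably returns
	 * the matching row, or an empty result for an unknown account. */
	$row = account_details(in_request("ID"), in_request("U"));
	/* Only fetch SSH keys for an account that exists; previously the ID
	 * of a missing account (undefined index) was passed to the lookup. */
	if (!empty($row)) {
		$PK = implode("\n", account_get_ssh_keys($row["ID"]));
	}
}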

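/* Account updates are processed before any navigation HTML is written:
 * html_header() reads the current username from the database, and
 * process_account_form() may change it.
 */
if ($action == "UpdateAccount") {
	/* Defaults for the case where the update is refused below. The page
	 * body later tests $success and re-displays the form when it is false;
	 * leaving it unset only worked because an undefined variable is falsy
	 * (and raised a notice). */
	$success = false;
	$update_account_message = '';

	if (empty($row)) {
		/* Unknown account (ID/username came from the request). Same
		 * message the DisplayAccount / AccountInfo branches use. */
		$update_account_message = __("Could not retrieve information for the specified user.");
	} elseif (!can_edit_account($row)) {
		/* Visitor is not allowed to edit this account. */
		$update_account_message = __("You do not have permission to edit this account.");
	} elseif (!check_token()) {
		/* Request token check failed (original comment: "valid POST") —
		 * the write is refused. There is no translatable message for this
		 * case in this file, so the form is simply shown again with the
		 * submitted values; TODO: tell the user why. */
	} else {
		/* Update the details for the existing account. */
		list($success, $update_account_message) = process_account_form(
			"edit", "UpdateAccount",
			in_request("U"), in_request("T"), in_request("S"),
			in_request("E"), in_request("P"), in_request("C"),
			in_request("R"), in_request("L"), in_request("I"),
			in_request("K"), in_request("PK"), in_request("J"),
			in_request("ID"), $row["Username"]);
	}
}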

/* Page title: the target username for the read-only account view,
 * otherwise the generic "Accounts" heading. */
$page_title = ($action == "AccountInfo")
	? __('Account') . ' ' . $row['Username']
	: __('Accounts');
html_header($page_title);

# Main page processing here
#
echo "<div class=\"box\">\n"
   . "  <h2>" . __("Accounts") . "</h2>\n";
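if (isset($_COOKIE["AURSID"])) {
	/* NOTE(review): this only tests that a session cookie is present, not
	 * that it is valid. Validity is presumably settled by check_sid() at the
	 * top of the file, and every privileged branch below re-checks with
	 * has_credential() / can_edit_account() — confirm; do not rely on this
	 * test alone. */

	if ($action == "SearchAccounts") {
		/* Account search is restricted to holders of CRED_ACCOUNT_SEARCH. */
		if (has_credential(CRED_ACCOUNT_SEARCH)) {
			/* Search criteria come from the request; find matching accounts. */
			search_results_page(in_request("O"), in_request("SB"),
					in_request("U"), in_request("T"), in_request("S"),
					in_request("E"), in_request("R"), in_request("I"),
					in_request("K"));
		} else {
			/* A non-privileged user is trying to access the search page. */
			print __("You are not allowed to access this area.")."<br />\n";
		}

	} elseif ($action == "DisplayAccount") {
		/* The user clicked 'edit': show the account details in a form. */
		if (empty($row)) {
			print __("Could not retrieve information for the specified user.");
		} elseif (can_edit_account($row)) {
			display_account_form("UpdateAccount", $row["Username"],
				$row["AccountTypeID"], $row["Suspended"], $row["Email"],
				"", "", $row["RealName"], $row["LangPreference"],
				$row["IRCNick"], $row["PGPKey"], $PK,
				$row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
		} else {
			print __("You do not have permission to edit this account.");
		}

	} elseif ($action == "DeleteAccount") {
		/* Same existence check as the other per-account actions (this
		 * branch previously went straight to can_edit_account() on a
		 * possibly empty $row). The destructive step needs both the
		 * confirmation flag and a valid request token; anything else only
		 * shows the confirmation page. */
		if (empty($row)) {
			print __("Could not retrieve information for the specified user.");
		} elseif (can_edit_account($row)) {
			$UID = $row['ID'];
			if (in_request('confirm') && check_token()) {
				user_delete($UID);
				/* NOTE(review): output for this page has already started
				 * (the <div class="box"> echoed above), so this header can
				 * only take effect if output buffering is enabled — confirm.
				 * Execution also continues and renders the rest of the page;
				 * an exit after the redirect would be the usual form. */
				header('Location: /');
			} else {
				$username = $row['Username'];
				include("account_delete.php");
			}
		} else {
			print __("You do not have permission to edit this account.");
		}

	} elseif ($action == "AccountInfo") {
		/* No editing, just looking up user info. */
		if (empty($row)) {
			print __("Could not retrieve information for the specified user.");
		} else {
			include("account_details.php");
		}

	} elseif ($action == "UpdateAccount") {
		/* The update itself already ran before html_header(); only report
		 * the outcome here. $success is left unset when the pre-header
		 * permission/token check refused the update, so test it with
		 * empty() rather than !$success to avoid an undefined-variable
		 * notice (same truth value otherwise). */
		print $update_account_message;

		if (empty($success)) {
			/* Re-display the form with the submitted values. */
			display_account_form("UpdateAccount", in_request("U"), in_request("T"),
				in_request("S"), in_request("E"), in_request("P"), in_request("C"),
				in_request("R"), in_request("L"), in_request("I"), in_request("K"),
				in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]);
		}

	} else {
		/* No (known) action: offer the search form to TUs/devs only. */
		if (has_credential(CRED_ACCOUNT_SEARCH)) {
			print __("Use this form to search existing accounts.")."<br />\n";
			include('search_accounts_form.php');
		} else {
			print __("You are not allowed to access this area.");
		}
	}

} else {
	/* Visitor is not logged in. */
	print __("You must log in to view user information.");
}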
/* Close the content box and emit the common page footer. */
print "</div>";
html_footer(AURWEB_VERSION);
?>