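<?php
/*
 * Account management page.
 *
 * Dispatches on the "Action" request parameter (read via in_request()) to
 * search accounts, display or edit one account, delete it, or list its
 * comments.  The state-changing actions (UpdateAccount, DeleteAccount)
 * require both an edit permission check (can_edit_account()) and a valid
 * form token (check_token()) before anything is written to the database.
 *
 * The file is kept as a flat script on purpose: the templates it includes
 * (account_delete.php, account_details.php, pkg_comments.php,
 * search_accounts_form.php) are included from this scope and see the
 * variables set here ($row, $username, $uid, $comments, ...).
 */

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');

include_once('aur.inc.php');         # access AUR common functions
include_once('acctfuncs.inc.php');   # access Account specific functions

$action = in_request("Action");

/* Actions that refer to one specific account and therefore need its row
 * (and SSH keys) fetched before anything else happens. */
$need_userinfo = array(
	"DisplayAccount", "DeleteAccount", "AccountInfo", "UpdateAccount", "ListComments"
);

/* Defaults, so the branches below can test empty($row) and pass $PK around
 * without touching an undefined variable. */
$row = array();
$PK = '';

if (in_array($action, $need_userinfo, true)) {
	$row = account_details(in_request("ID"), in_request("U"));
	/* Only look up keys for an account that was actually found; the
	 * branches below report an unknown user themselves. */
	if (!empty($row)) {
		$PK = implode("\n", account_get_ssh_keys($row["ID"]));
	}
}

/* This has to be done before the navigation headers are written,
 * because html_header() fetches the current username from the database,
 * which could be changed by process_account_form()
 */
if ($action === "UpdateAccount") {
	$success = false;
	$update_account_message = '';
	/* Details for account being updated */
	/* Verify user permissions and that the request is a valid POST */
	if (can_edit_account($row) && check_token()) {
		/* Update the details for the existing account */
		list($success, $update_account_message) = process_account_form(
			"edit", "UpdateAccount",
			in_request("U"),
			in_request("T"),
			in_request("S"),
			in_request("E"),
			in_request("H"),
			in_request("PO"),
			in_request("P"),
			in_request("C"),
			in_request("R"),
			in_request("L"),
			in_request("TZ"),
			in_request("HP"),
			in_request("I"),
			in_request("K"),
			in_request("PK"),
			in_request("J"),
			in_request("CN"),
			in_request("UN"),
			in_request("ON"),
			in_request("ID"),
			$row["Username"]);
	}
}

/* Account deletion is likewise handled before html_header(): the redirect
 * that follows a successful deletion can only be sent while nothing has
 * been written to the response yet.  A failed password check is remembered
 * so the DeleteAccount branch below can report it on the normal page. */
$delete_failed = false;
if ($action === "DeleteAccount" && isset($_COOKIE["AURSID"])
		&& can_edit_account($row) && in_request('confirm') && check_token()) {
	$uid_session = uid_from_sid($_COOKIE['AURSID']);
	/* Read the password defensively: a missing field simply fails the check
	 * instead of raising an undefined-index notice.
	 * NOTE(review): $_REQUEST also accepts the field from the query string,
	 * where it may end up in access logs; $_POST would be tighter once
	 * check_token() is confirmed to require a POST request. */
	$passwd = isset($_REQUEST['passwd']) ? $_REQUEST['passwd'] : '';
	/* NOTE(review): kept as a loose comparison with 1 as in the original;
	 * confirm check_passwd()'s return type before tightening to ===. */
	if (check_passwd($uid_session, $passwd) == 1) {
		user_delete($row['ID']);
		header('Location: /');
		/* Stop here so nothing is appended to the redirect response. */
		exit;
	}
	$delete_failed = true;
}

if ($action === "AccountInfo") {
	/* $row may be empty when the user was not found; the title then just
	 * lacks the name, and the branch below prints the error. */
	$title_name = isset($row['Username']) ? $row['Username'] : '';
	html_header(__('Account') . ' ' . $title_name);
} else {
	html_header(__('Accounts'));
}

# Main page processing here
#
echo "<div class=\"box\">\n";
echo "  <h2>".__("Accounts")."</h2>\n";

if (isset($_COOKIE["AURSID"])) {
	if ($action === "SearchAccounts") {
		# security check
		#
		if (has_credential(CRED_ACCOUNT_SEARCH)) {
			# the user has entered search criteria, find any matching accounts
			#
			search_results_page(in_request("O"), in_request("SB"),
					in_request("U"), in_request("T"), in_request("S"),
					in_request("E"), in_request("R"), in_request("I"),
					in_request("K"));
		} else {
			# a non-privileged user is trying to access the search page
			#
			print __("You are not allowed to access this area.")."<br />\n";
		}

	} elseif ($action === "DisplayAccount") {
		# the user has clicked 'edit', display the account details in a form
		#
		if (empty($row)) {
			print __("Could not retrieve information for the specified user.");
		} else {
			/* Verify user has permission to edit the account */
			if (can_edit_account($row)) {
				/* The two empty strings are the password fields, which are
				 * never pre-filled. */
				display_account_form("UpdateAccount",
					$row["Username"],
					$row["AccountTypeID"],
					$row["Suspended"],
					$row["Email"],
					$row["HideEmail"],
					"",
					"",
					$row["RealName"],
					$row["LangPreference"],
					$row["Timezone"],
					$row["Homepage"],
					$row["IRCNick"],
					$row["PGPKey"],
					$PK,
					$row["InactivityTS"] ? 1 : 0,
					$row["CommentNotify"],
					$row["UpdateNotify"],
					$row["OwnershipNotify"],
					$row["ID"],
					$row["Username"]);
			} else {
				print __("You do not have permission to edit this account.");
			}
		}

	} elseif ($action === "DeleteAccount") {
		/* Details for account being deleted.  The actual deletion already
		 * ran above, before any output; this branch only renders the
		 * confirmation form (and the error when the password was wrong). */
		if (can_edit_account($row)) {
			/* Set for account_delete.php, which is included from this scope. */
			$uid_removal = $row['ID'];
			$uid_session = uid_from_sid($_COOKIE['AURSID']);
			$username = $row['Username'];

			if ($delete_failed) {
				echo "<ul class='errorlist'><li>";
				echo __("Invalid password.");
				echo "</li></ul>";
			}
			include("account_delete.php");
		} else {
			print __("You do not have permission to edit this account.");
		}

	} elseif ($action === "AccountInfo") {
		# no editing, just looking up user info
		#
		if (empty($row)) {
			print __("Could not retrieve information for the specified user.");
		} else {
			include("account_details.php");
		}

	} elseif ($action === "UpdateAccount") {
		/* $success and $update_account_message were set before the header
		 * was written (see above). */
		print $update_account_message;

		if (!$success) {
			/* Re-display the form with the submitted values so the user can
			 * correct them. */
			display_account_form("UpdateAccount",
				in_request("U"),
				in_request("T"),
				in_request("S"),
				in_request("E"),
				in_request("H"),
				in_request("P"),
				in_request("C"),
				in_request("R"),
				in_request("L"),
				in_request("TZ"),
				in_request("HP"),
				in_request("I"),
				in_request("K"),
				in_request("PK"),
				in_request("J"),
				in_request("CN"),
				in_request("UN"),
				in_request("ON"),
				in_request("ID"),
				$row["Username"]);
		}

	} elseif ($action === "ListComments") {
		if (has_credential(CRED_ACCOUNT_LIST_COMMENTS, array($row["ID"]))) {
			# display the comment list if they're a TU/dev

			$total_comment_count = account_comments_count($row["ID"]);
			list($pagination_templs, $per_page, $offset) = calculate_pagination($total_comment_count);

			/* Set for pkg_comments.php, which is included from this scope. */
			$username = $row["Username"];
			$uid = $row["ID"];
			$comments = account_comments($uid, $per_page, $offset);

			$comment_section = "account";
			include('pkg_comments.php');
		} else {
			print __("You are not allowed to access this area.");
		}

	} else {
		if (has_credential(CRED_ACCOUNT_SEARCH)) {
			# display the search page if they're a TU/dev
			#
			print __("Use this form to search existing accounts.")."<br />\n";
			include('search_accounts_form.php');
		} else {
			print __("You are not allowed to access this area.");
		}
	}

} else {
	# visitor is not logged in
	#
	print __("You must log in to view user information.");
}

echo "</div>";

html_footer(AURWEB_VERSION);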