* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
*
* {@internal
* created 2003-04-30
* modified 2008-06-24, Timo Trautmann, storage for valid from valid to added
* modified 2008-06-27, Frederic Schneider, add security fix
* modified 2008-08-26, Timo Trautmann - fixed CON-200 - User can only get lang rights, if he has client access
* modified 2008-10-??, Bilal Arslan - direct DB user modifications are now encapsulated in new ConUser class
* modified 2008-11-17, Holger Librenz - method calls for new user object modified, comments updated
* modified 2009-11-06, Murat Purc, replaced deprecated functions (PHP 5.3 ready)
* modified 2011-02-07, Murat Purc, Cleanup, optimization and formatting
*
* $Id$:
* }}
*
* TODO error handling!!!
* TODO export functions to new ConUser object!
*/
// Stop unless CON_FRAMEWORK is defined, so this include does nothing when it is
// requested on its own (presumably the framework entry point defines it - confirm).
if (defined('CON_FRAMEWORK') === false) {
    die('Illegal call');
}

cInclude('includes', 'functions.rights.php');

// Authorisation gate: the caller needs the requested action either in the current
// area or in the 'user' area. Written as "not A and not B"; the second lookup
// still only runs when the first one is denied.
if (!$perm->have_perm_area_action($area, $action)
    && !$perm->have_perm_area_action('user', $action)
) {
    $notification->displayNotification('error', i18n('Permission denied'));
    return;
}

// Nothing to show or change without a target user id.
if (isset($userid) === false) {
    return;
}

// Working state shared by the action handlers that follow.
$sNotification = '';
$bError = false;
$aPerms = array();
// Action "user_delete": remove the account, then its group memberships and its
// rights rows, and render a page that contains only the notification.
if ($action == 'user_delete') {
    // NOTE(review): neither deleteUserByID() nor the two queries below have their
    // result checked, so "User deleted" is reported even if a step failed and
    // membership/rights rows could be left behind. The file header already carries
    // a "TODO error handling" for this.
    // NOTE(review): no request-forgery token check is visible in this include;
    // confirm the framework enforces one before this destructive action is reached.
    $oUsers = new Users();
    // $userid is handed over unescaped here; whether deleteUserByID() escapes it
    // itself is not visible from this file - verify.
    $oUsers->deleteUserByID($userid);

    // The id is escaped with Contenido_Security::escapeDB() and wrapped in quotes
    // before it becomes part of each statement.
    $sql = sprintf(
        "DELETE FROM %s WHERE user_id = '%s'",
        $cfg['tab']['groupmembers'],
        Contenido_Security::escapeDB($userid, $db)
    );
    $db->query($sql);

    $sql = sprintf(
        "DELETE FROM %s WHERE user_id = '%s'",
        $cfg['tab']['rights'],
        Contenido_Security::escapeDB($userid, $db)
    );
    $db->query($sql);

    // displayNotification() is used here while the edit path uses
    // returnNotification(); its return value is what ends up in the template.
    $sNotification = $notification->displayNotification('info', i18n('User deleted'));

    $sTemplate = '
{NOTIFICATION}
';

    $tpl->reset();
    $tpl->set('s', 'NOTIFICATION', $sNotification);
    $tpl->generate($sTemplate);

    // The deleted user can no longer be loaded, so skip the rest of the page.
    return;
}
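// Action "user_edit": copy the submitted profile fields, permissions and (optionally)
// a new password onto a ConUser object and persist it. The outcome is reported
// through $sNotification.
if ($action == 'user_edit') {
    // NOTE(review): the permission list is built from the request and stored as-is.
    // Whether buildUserOrGroupPermsFromRequest() limits what the acting user may
    // grant is not visible here - confirm, since this is where rights are assigned.
    $aPerms = buildUserOrGroupPermsFromRequest();

    // update user values
    // New Class User, update password and other values
    $oConUser = new ConUser($cfg, $db);
    $oConUser->setUserId($userid);
    $oConUser->setRealName($realname);
    $oConUser->setMail($email);
    $oConUser->setTelNumber($telephone);
    $oConUser->setAddressData($address_street, $address_city, $address_zip, $address_country);
    $oConUser->setUseTiny($wysi);
    $oConUser->setValidDateFrom($valid_from);
    $oConUser->setValidDateTo($valid_to);
    $oConUser->setPerms($aPerms);

    // Was a new password submitted? Only a non-empty string counts as one.
    $bPassOk = false;
    if (is_string($password) && strlen($password) > 0) {
        // The confirmation must be a string that is identical to the password.
        // The previous check was strcmp(...) == 0: strcmp() does not return an
        // integer for non-string arguments, and that result compares loosely equal
        // to 0, so a confirmation that was not a string was accepted as a match.
        if (is_string($passwordagain) && $password === $passwordagain) {
            // set password....
            $iPasswordSaveResult = $oConUser->setPassword($password);

            // Both entries agree, but ConUser may still reject the password.
            if ($iPasswordSaveResult != iConUser::PASS_OK) {
                // Rejected: show the reason ConUser reports.
                $sPassError = ConUser::getErrorString($iPasswordSaveResult, $cfg);
                $sNotification = $notification->returnNotification("error", $sPassError);
                $bError = true;
            } else {
                $bPassOk = true;
            }
        } else {
            $sNotification = $notification->returnNotification("error", i18n("Passwords don't match"));
            $bError = true;
        }
    }

    // Save when no password change was requested, or when the new password was
    // accepted. A non-string password value is treated like "no password given",
    // which is what the strlen() test amounted to before.
    if (!is_string($password) || strlen($password) == 0 || $bPassOk == true) {
        try {
            // save, if no error occurred..
            if ($oConUser->save()) {
                $sNotification = $notification->returnNotification("info", i18n("Changes saved"));
                // NOTE(review): the error flag is raised on the success path as well.
                // It is kept unchanged because the code that reads $bError is not
                // visible here - confirm whether this is intended.
                $bError = true;
            } else {
                $sNotification = $notification->returnNotification("error", i18n("An error occured while saving user info."));
                $bError = true;
            }
        } catch (ConUserException $cue) {
            // TODO make check and info output better!
            // The exception detail is dropped; only a generic message reaches the user.
            $sNotification = $notification->returnNotification("error", i18n("An error occured while saving user info."));
            $bError = true;
        }
    }
}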
// TODO port this to new ConUser class!
// Load the user through the older User class for the property handling and the
// form rendering that follow.
// NOTE(review): the id is escaped at the call site; whether loadUserByUserID()
// escapes again (double escaping) is not visible here - verify.
$oUser = new User();
$oUser->loadUserByUserID(Contenido_Security::escapeDB($userid, $db));

// Property changes run for every request that reaches this point, whatever
// $action is (only the delete branch returns earlier).

// Remove a user property: type and name must both be non-empty strings.
if (!empty($del_userprop_type) && !empty($del_userprop_name)) {
    if (is_string($del_userprop_type) && is_string($del_userprop_name)) {
        $oUser->deleteUserProperty($del_userprop_type, $del_userprop_name);
    }
}

// Add or change a user property: type and name must be non-empty strings, and the
// value must be a string (an empty one is allowed).
if (!empty($userprop_type) && !empty($userprop_name)) {
    if (is_string($userprop_type) && is_string($userprop_name) && is_string($userprop_value)) {
        $oUser->setUserProperty($userprop_type, $userprop_name, $userprop_value);
    }
}

// Without permissions from the request, or without an action, fall back to the
// comma-separated list stored in the user's 'perms' field.
if (
    count($aPerms) == 0
    || $action == ''
    || !isset($action)
) {
    $aPerms = explode(',', $oUser->getField('perms'));
}

// Start the page template with the session id and the notification collected above.
// NOTE(review): the session id is written into the template; where 'SID' is
// rendered is not visible here - check that it does not end up in URLs or logs.
$tpl->reset();
$tpl->set('s', 'SID', $sess->id);
$tpl->set('s', 'NOTIFICATION', $sNotification);
$form = '