2 /****************************************************************************/
\r
4 /****************************************************************************/
\r
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton */
\r
6 /* Adaptive Technology Resource Centre / University of Toronto */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************************/
\r
// Admin-account edit page: bootstraps the ATutor environment and requires the
// caller to hold the super-admin privilege before any request data is used.
15 define('AT_INCLUDE_PATH', '../../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
// Access control for the whole script. admin_authenticate() is defined outside
// this listing; presumably it ends the request on failure -- verify.
17 admin_authenticate(AT_ADMIN_PRIV_ADMIN);
\r
// Rejects editing the account of the logged-in admin (per the
// ADMIN_EDIT_OWN_ACCOUNT message). NOTE(review): this compares the raw
// $_GET['login'] with loose `==`, while the row lookup further down reads
// $_REQUEST['login'] and the UPDATE keys on $_POST['login']; the guard should
// compare the same value that is later written, using `===`. Reading
// $_GET['login'] without isset() also raises a notice when it is absent.
19 if ($_GET['login'] == $_SESSION['login']) {
\r
20 $msg->addError('ADMIN_EDIT_OWN_ACCOUNT');
\r
// The lines following this redirect are not in this listing; a
// header('Location: ...') must be followed by exit so the script stops here.
21 header('Location: index.php');
\r
// Form actions: "cancel" returns to the list; "submit" validates the input,
// computes the privilege bitmask and updates the admins row.
25 if (isset($_POST['cancel'])) {
\r
26 $msg->addFeedback('CANCELLED');
\r
// The exit that should follow this redirect is not in this listing -- verify.
27 header('Location: index.php');
\r
29 } else if (isset($_POST['submit'])) {
\r
30 $missing_fields = array();
\r
32 /* email validation */
\r
// Only a literally empty string counts as missing; whitespace-only input passes.
33 if ($_POST['email'] == '') {
\r
34 $missing_fields[] = _AT('email');
\r
// NOTE(review): the pattern is loose -- `@+` and `\.+` accept repeated '@'
// and '.', and {2,6} rejects longer top-level domains.
// filter_var($email, FILTER_VALIDATE_EMAIL) is the usual replacement.
35 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
36 $msg->addError('EMAIL_INVALID');
\r
// Duplicate-email check. NOTE(review): $_POST['email'] is interpolated into
// this query unescaped -- the $addslashes call on it only happens later, just
// before the UPDATE -- so this query must use the escaped value or, better, a
// prepared statement. LIKE wildcards ('%', '_') are not escaped either, so the
// uniqueness check can match unrelated rows. Note the lookup is against the
// members table while the record being edited lives in admins.
38 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
\r
// If the query failed, $result is false and mysql_num_rows() emits a warning;
// that failure is indistinguishable from "no duplicate found".
39 if (mysql_num_rows($result) != 0) {
\r
41 $msg->addError('EMAIL_EXISTS');
\r
// Privilege bitmask. The original lines between the email check and here are
// absent from this listing, so whether $priv is initialised to 0 first cannot
// be confirmed; if it is not, the foreach below accumulates onto an undefined
// variable and the UPDATE receives an empty value for `privileges`.
46 if (isset($_POST['priv_admin'])) {
\r
47 // overrides all above.
\r
48 $priv = AT_ADMIN_PRIV_ADMIN;
\r
49 } else if (isset($_POST['privs'])) {
\r
// Each checkbox value is one module's privilege bit. $_POST['privs'] must be
// an array here or foreach warns.
50 foreach ($_POST['privs'] as $value) {
\r
// NOTE(review): arithmetic `+=` is not idempotent for bit flags -- the same
// value submitted twice carries into a different bit. `|=` is the safe form.
51 $priv += intval($value);
\r
// The request array is reused to carry the computed mask back into the form.
54 $_POST['privs'] = $priv;
\r
56 if ($missing_fields) {
\r
57 $missing_fields = implode(', ', $missing_fields);
\r
58 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
61 if (!$msg->containsErrors()) {
\r
// $addslashes is a callable supplied by the included environment (defined
// outside this listing); the values are escaped in place for the SQL below.
62 $_POST['login'] = $addslashes($_POST['login']);
\r
63 $_POST['real_name'] = $addslashes($_POST['real_name']);
\r
64 $_POST['email'] = $addslashes($_POST['email']);
\r
// The UPDATE is built by interpolating the escaped values; $priv is unquoted
// and expected to be an integer. `last_login=last_login` leaves the timestamp
// untouched. A prepared statement would remove the reliance on escaping; the
// mysql_* extension is also removed in PHP 7+.
66 $sql = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', `privileges`=$priv, last_login=last_login WHERE login='$_POST[login]'";
\r
67 $result = mysql_query($sql, $db);
\r
// This second $sql is never executed; it is the variant without the
// last_login clause that is recorded in the admin log below.
69 $sql = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', `privileges`=$priv WHERE login='$_POST[login]'";
\r
71 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
\r
73 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
\r
// The exit that should follow this redirect is not in this listing -- verify.
74 header('Location: index.php');
\r
// Restores the unescaped values so the form can be re-rendered with what was
// typed ($stripslashes is also supplied by the environment). Whether these
// run inside or after the success branch cannot be told from this listing,
// since the closing braces are missing.
77 $_POST['login'] = $stripslashes($_POST['login']);
\r
78 $_POST['real_name'] = $stripslashes($_POST['real_name']);
\r
79 $_POST['email'] = $stripslashes($_POST['email']);
\r
// Render path: include the page header, then load the admin being edited.
82 require(AT_INCLUDE_PATH.'header.inc.php');
\r
// NOTE(review): the login is read from $_REQUEST here (so a POST value may
// win over the query string, depending on request_order), whereas the
// self-edit guard at the top of the script checked $_GET['login']. Use one
// source. The value is escaped for the SQL below and written back into $_GET.
84 $_GET['login'] = $addslashes($_REQUEST['login']);
\r
86 $sql = "SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$_GET[login]'";
\r
87 $result = mysql_query($sql, $db);
\r
// No row (or a failed query -- mysql_fetch_assoc(false) warns) is reported as
// USER_NOT_FOUND; the lines that end the script after the footer are not in
// this listing.
88 if (!($row = mysql_fetch_assoc($result))) {
\r
89 $msg->addError('USER_NOT_FOUND');
\r
90 $msg->printErrors();
\r
91 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
// When the form was not submitted, seed the form state from the stored
// privileges so the checkboxes below reflect the current mask.
94 if (!isset($_POST['submit'])) {
\r
// query_bit() is defined outside this listing; it appears to test one bit of the mask.
96 if (query_bit($row['privileges'], AT_ADMIN_PRIV_ADMIN)) {
\r
97 $_POST['priv_admin'] = 1;
\r
99 $_POST['privs'] = intval($row['privileges']);
\r
<?php /* Edit form. NOTE(review): no anti-CSRF token is visible in this form; a per-session token checked on submit is the usual mitigation. */ ?>
<?php /* NOTE(review): $_SERVER['PHP_SELF'] is echoed into the action attribute unescaped; it reflects the request path and should be wrapped in htmlspecialchars() (or the action left empty). */ ?>
103 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form">
\r
<?php /* $row['login'] is emitted raw here and in the <h3> below, while real_name and email are passed through htmlspecialchars(); treat login the same way. */ ?>
104 <input type="hidden" name="login" value="<?php echo $row['login']; ?>" />
\r
105 <div class="input-form">
\r
107 <h3><?php echo $row['login']; ?></h3>
\r
111 <label for="real_name"><?php echo _AT('real_name'); ?></label><br />
\r
<?php /* Values come from the $_POST state prepared above. htmlspecialchars() runs with default flags; ENT_QUOTES is preferable for attribute values. */ ?>
112 <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />
\r
116 <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="email"><?php echo _AT('email'); ?></label><br />
\r
117 <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />
\r
121 <?php echo _AT('privileges'); ?><br />
\r
<?php /* $_POST['priv_admin'] is only set when the box was ticked or the stored mask has the admin bit, so this read raises a notice otherwise; isset() would be cleaner. */ ?>
122 <input type="checkbox" name="priv_admin" value="1" id="priv_admin" <?php if ($_POST['priv_admin']) { echo 'checked="checked"'; } ?> /><label for="priv_admin"><?php echo _AT('priv_admin_super'); ?></label><br /><br />
\r
// Enabled modules each contribute a privilege bit; getModules() is defined
// outside this listing.
125 $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
\r
126 $keys = array_keys($module_list);
\r
129 <?php foreach ($keys as $module_name): ?>
\r
130 <?php $module =& $module_list[$module_name]; ?>
\r
<?php /* Modules whose privilege value is 0 or 1 get no checkbox. */ ?>
131 <?php if (!($module->getAdminPrivilege() > 1)) { continue; } ?>
\r
<?php /* Pre-ticked when the module's bit is present in the mask carried in $_POST['privs']. */ ?>
132 <input type="checkbox" name="privs[]" value="<?php echo $module->getAdminPrivilege(); ?>" id="priv_<?php echo $module->getAdminPrivilege(); ?>" <?php if (query_bit($_POST['privs'], $module->getAdminPrivilege())) { echo 'checked="checked"'; } ?> /><label for="priv_<?php echo $module->getAdminPrivilege(); ?>"><?php echo $module->getName(); ?></label><br />
\r
133 <?php endforeach; ?>
\r
136 <div class="row buttons">
\r
<?php /* The confirm handler is attached only when the admin bit is not already set, i.e. when it may be granted. It is a client-side prompt, not a security control; the server must still decide who may grant that bit. */ ?>
137 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" <?php if ($_POST['priv_admin'] != 1) { echo 'onclick="return checkAdmin();"'; } ?> />
\r
138 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
\r
<?php /* Client-side confirmation shown before saving when the super-admin box is ticked. */ ?>
143 <script language="javascript" type="text/javascript">
\r
<?php /* Returns the confirm() result (false cancels the submit) when the admin box is checked; the rest of the function is not in this listing. */ ?>
145 function checkAdmin() {
\r
146 if (document.form.priv_admin.checked == true) {
\r
<?php /* NOTE(review): the translated string is interpolated into a JS single-quoted literal without escaping; a quote in the translation breaks the script. Emit it via json_encode() instead. */ ?>
147 return confirm('<?php echo _AT('confirm_admin_create'); ?>');
\r
155 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>