2 /****************************************************************************/
\r
4 /****************************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************************/
\r
// Bootstrap: set the include path, load the shared include, and call the
// administrator privilege check before this file reads any request data.
15 define('AT_INCLUDE_PATH', '../../../../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
// NOTE(review): presumably rejects the request unless the session holds
// AT_ADMIN_PRIV_ADMIN; admin_authenticate() is defined outside this listing, confirm.
17 admin_authenticate(AT_ADMIN_PRIV_ADMIN);
\r
// Self-edit guard: when the query-string login equals the session login
// (loose ==), queue ADMIN_EDIT_OWN_ACCOUNT and redirect to the admin list.
// NOTE(review): only $_GET['login'] is compared here, while the UPDATE further
// down is keyed on $_POST['login']; the guard should test the value the write uses.
19 if ($_GET['login'] == $_SESSION['login']) {
\r
20 $msg->addError('ADMIN_EDIT_OWN_ACCOUNT');
\r
// NOTE(review): header() does not stop execution by itself; listing lines 22-24
// are not shown, so confirm that an exit follows this redirect.
21 header('Location: index.php');
\r
// Form handling. "cancel" queues a notice and returns to the list; "submit"
// validates the e-mail address and builds the privilege value for the update.
// NOTE(review): no anti-CSRF token check is visible in this listing for the
// state-changing submit branch; confirm whether the shared include enforces one.
25 if (isset($_POST['cancel'])) {
\r
26 $msg->addFeedback('CANCELLED');
\r
27 header('Location: index.php');
\r
29 } else if (isset($_POST['submit'])) {
\r
30 $missing_fields = array();
\r
32 /* email validation */
\r
33 if ($_POST['email'] == '') {
\r
34 $missing_fields[] = _AT('email');
\r
// Anchored, case-insensitive pattern whose character classes admit only
// letters, digits, '.', '_', '-' and '@'. Without the D modifier, $ also
// matches just before a trailing newline.
35 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
36 $msg->addError('EMAIL_INVALID');
\r
// Uniqueness lookup against the members table. $_POST['email'] is interpolated
// here before the $addslashes() call further down. Listing line 37 is not shown,
// so it is unclear whether this query runs only for values that passed the
// pattern above; if it runs unconditionally, the raw value reaches the SQL text.
// NOTE(review): pass an escaped or bound value and compare with '=' ('_' is a
// LIKE wildcard, so this matches more than the exact address). The query result
// is handed to mysql_num_rows() without a failure check.
38 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
\r
39 if (mysql_num_rows($result) != 0) {
\r
41 $msg->addError('EMAIL_EXISTS');
\r
// Privilege value: the priv_admin checkbox wins; otherwise the submitted
// privs[] entries are cast with intval() and added together.
46 if (isset($_POST['priv_admin'])) {
\r
47 // overrides all above.
\r
48 $priv = AT_ADMIN_PRIV_ADMIN;
\r
49 } else if (isset($_POST['privs'])) {
\r
50 foreach ($_POST['privs'] as $value) {
\r
// NOTE(review): += yields a valid bit mask only if each bit is supplied once.
// The visible lines neither initialise $priv (listing lines 42-45 are not
// shown) nor restrict the values to defined privilege constants; OR-ing
// against an allow-list of known bits would make that explicit.
51 $priv += intval($value);
\r
54 $_POST['privs'] = $priv;
\r
// Collapse the names of empty required fields into one EMPTY_FIELDS error.
56 if ($missing_fields) {
\r
57 $missing_fields = implode(', ', $missing_fields);
\r
58 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
// Persist the change when validation queued no errors.
61 if (!$msg->containsErrors()) {
\r
// $addslashes is a variable holding a callable defined outside this listing.
// NOTE(review): presumably a database escaping routine; confirm it is
// connection/charset-aware rather than plain addslashes().
62 $_POST['login'] = $addslashes($_POST['login']);
\r
63 $_POST['real_name'] = $addslashes($_POST['real_name']);
\r
64 $_POST['email'] = $addslashes($_POST['email']);
\r
// Statement is built by string interpolation, so the quoted fields rely
// entirely on the escaping above. $priv is unquoted and must remain an integer
// (AT_ADMIN_PRIV_ADMIN or a sum of intval() results). last_login=last_login
// writes the column back to itself, presumably to keep an auto-updating
// timestamp unchanged; confirm against the schema.
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
// prepared statements would remove the dependency on manual escaping.
66 $sql = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', `privileges`=$priv, last_login=last_login WHERE login='$_POST[login]'";
\r
// The return value is not inspected in the visible lines; the success
// feedback below is queued whether or not the statement succeeded.
67 $result = mysql_query($sql, $db);
\r
// Rebuilt without the last_login clause. In the visible lines this second
// string is only passed to write_to_log(), not executed, so the audit entry
// holds the statement text including the submitted name and e-mail.
69 $sql = "UPDATE ".TABLE_PREFIX."admins SET real_name='$_POST[real_name]', email='$_POST[email]', `privileges`=$priv WHERE login='$_POST[login]'";
\r
71 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
\r
73 $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
\r
74 header('Location: index.php');
\r
// Listing lines 75-76 are not shown. Presumably this is the error path, undoing
// escaping so the submitted values can be shown again; $stripslashes is
// defined outside this listing. TODO confirm.
77 $_POST['login'] = $stripslashes($_POST['login']);
\r
78 $_POST['real_name'] = $stripslashes($_POST['real_name']);
\r
79 $_POST['email'] = $stripslashes($_POST['email']);
\r
// Display path: emit the page header, then load the admin record to edit.
82 require(AT_INCLUDE_PATH.'header.inc.php');
\r
// $_REQUEST merges several input sources (which ones depends on the PHP
// request_order/variables_order settings), so the login used for this lookup
// is not necessarily the query-string value compared by the self-edit guard
// at the top of the file. The escaped value is written back into $_GET.
84 $_GET['login'] = $addslashes($_REQUEST['login']);
\r
// Lookup built by interpolation; relies on the escaping on the previous line.
86 $sql = "SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$_GET[login]'";
\r
87 $result = mysql_query($sql, $db);
\r
// No matching row: report USER_NOT_FOUND and close the page.
// NOTE(review): listing lines 92-93 are not shown; confirm that an exit follows
// the footer so the form below is not rendered without a record.
88 if (!($row = mysql_fetch_assoc($result))) {
\r
89 $msg->addError('USER_NOT_FOUND');
\r
90 $msg->printErrors();
\r
91 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
// First display (nothing submitted yet): copy the stored privileges into
// $_POST, flagging priv_admin when query_bit() reports AT_ADMIN_PRIV_ADMIN set.
94 if (!isset($_POST['submit'])) {
\r
96 if (query_bit($row['privileges'], AT_ADMIN_PRIV_ADMIN)) {
\r
97 $_POST['priv_admin'] = 1;
\r
99 $_POST['privs'] = intval($row['privileges']);
\r
// Module list for the form, requested with AT_MODULE_STATUS_ENABLED; the
// meaning of the 0 and TRUE arguments is not visible in this listing.
103 $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
\r
104 $keys = array_keys($module_list);
\r
108 <script language="javascript" type="text/javascript">
\r
110 function checkAdmin() {
\r
// Returns the result of a confirm() dialog when the priv_admin checkbox is
// ticked; how the form invokes this function is not visible in this listing.
// The dialog is a client-side prompt only and is not a server-side control.
// NOTE(review): the _AT() string is echoed inside a single-quoted JS literal
// with no JS-string encoding; unless _AT() escapes for this context, a
// translation containing ' or a line break breaks the script. Emitting the
// value through json_encode() would make the literal safe.
111 if (document.form.priv_admin.checked == true) {
\r
112 return confirm('<?php echo _AT('confirm_admin_create'); ?>');
\r
// Hand the module keys and module list to the Savant template, render the
// edit form, then emit the page footer.
// NOTE(review): HTML escaping of the record and $_POST values happens (or not)
// in admin/users/edit.tmpl.php, which is outside this listing; verify it there.
121 $savant->assign('keys', $keys);
\r
122 $savant->assign('module_list', $module_list);
\r
123 $savant->display('admin/users/edit.tmpl.php');
\r
124 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>