AppDB Modified edituser.php

Tony Lambregts tony_lambregts at telusplanet.net
Wed Apr 21 17:25:11 CDT 2004


There was no way to add administrative privileges to a user; this patch fixes
that problem. Also, the previously unused functions addpriv() and delpriv()
needed fixing.

Change log: change edituser.php to allow editing of administrative
privileges.

Files changed: edituser.php
               user.php
-- 
Tony Lambregts

Index: edituser.php
===================================================================
RCS file: /home/wine/appdb/edituser.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 edituser.php
--- edituser.php	15 Mar 2004 16:22:00 -0000	1.1.1.1
+++ edituser.php	21 Apr 2004 21:14:01 -0000
@@ -1,55 +1,116 @@
 <?
-
+    
 include("path.php");
 include(BASE."include/"."incl.php");
-include(BASE."include/"."tableve.php");
-include(BASE."include/"."qclass.php");
 
-if(!havepriv("admin"))
+if(!loggedin())
 {
-    errorpage();
+    errorpage("You must be logged in to edit preferences");
     exit;
 }
-
-
-$user_fields = array("stamp", "userid", "username", "password", "realname", "email", "created", "status");
-
-function make_fields($fields, $prefix)
+if(!havepriv("admin"))
 {
-    $arr = array();
-    while(list($idx, $field) = each($fields))
-	$arr[] = "$prefix.$field";
-    return $arr;
+    errorpage("You do not have sufficient rights to edit users");
+    exit;
 }
+    $user = new User();
+    $result = mysql_query("SELECT stamp, userid, username, realname, ".
+			      "created, status, perm FROM user_list WHERE ".
+			      "userid = '$userid'", $user->link);
+    if(!$result)
+    {
+        errorpage("You must be logged in to edit preferences");
+        exit;
+    }
 
 
+    list($user->stamp, $user->userid, $user->username, $user->realname, 
+	 $user->created, $status, $perm) = mysql_fetch_row($result);
 
-apidb_header("Edit User");
-
-$t = new TableVE("edit");
+    global $ext_username, $ext_password1, $ext_password2, $ext_realname, $ext_email, $ext_hasadmin;
 
 if($HTTP_POST_VARS)
 {
-    $t->update($HTTP_POST_VARS);
+    if ($ext_password == $ext_password2)
+    {
+        $passwd = $ext_password;
+    }
+    else if ($ext_password)
+    {
+        addmsg("The Passwords you entered did not match.", "red");
+    }
+    
+    if ($user->update($userid, $passwd, $ext_realname, $ext_email))
+    {
+        addmsg("Preferences Updated", "green");
+    }
+    else
+    {
+        addmsg("There was a problem updating the user's info", "red");
+    }
+    if($ext_hasadmin=="on")
+        $user->addpriv("admin");
+    else
+        $user->delpriv("admin");
 }
-else
+
 {
-    $qc = new qclass();
-    $qc->add_fields(make_fields($user_fields, "user_list"));
-    if($username)
-	$qc->add_where("username = '$username'");
-    else
-	$qc->add_where("userid = $userid");
-    $qc->resolve();
+    // show form
 
-    $query = $qc->get_query();
 
-    if(debugging())
-	echo "$query <br><br>\n";
+    apidb_header("Edit User");
 
-    $t->edit($query);
+    echo "<form method=post action='edituser.php'>\n";
+    echo html_frame_start("Data for user ID $userid", "80%");
+    echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'");
+    
+
+   
+    $ext_username = $user->lookup_username($userid);
+    $ext_realname = $user->lookup_realname($userid);
+    $ext_email    = $user->lookup_email($userid);
+    if($user->checkpriv("admin"))
+        $ext_hasadmin = 'checked="true"';
+    else
+        $ext_hasadmin = "";
+      
+
+?>
+    <input type="hidden" name="userid" value="<?=$userid?>">
+    <tr>
+        <td> &nbsp; User Name </td>
+	<td> <b> <?=$ext_username?> </b> </td>
+    </tr>
+    <tr>
+	<td> &nbsp; Password </td>
+	<td> <input type="password" name="ext_password"> </td>
+    </tr>
+    <tr>
+        <td> &nbsp; Password (again) </td>
+	<td> <input type="password" name="ext_password2"> </td>
+    </tr>
+    <tr>
+	<td> &nbsp; Real Name </td>
+	<td> <input type="text" name="ext_realname" value="<?=$ext_realname?>"> </td>
+    </tr>
+    <tr>
+	<td> &nbsp; Email Address </td>
+	<td> <input type="text" name="ext_email" value="<?=$ext_email?>"> </td>
+    </tr>
+    <tr>
+	<td> &nbsp; Administrator </td>
+	<td> <input type="checkbox" name="ext_hasadmin" "<?=$ext_hasadmin?>"> </td>
+    </tr>
+    <tr>
+	<td colspan=2>&nbsp;</td>
+    </tr>
+<?
+
+    echo html_table_end();
+    echo html_frame_end();
+    echo "<br> <div align=center> <input type=submit value='Update'> </div> <br>\n";
+    echo "</form>\n";
 }
 
 apidb_footer();
-
 ?>
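Review bot: `$userid` comes from the request and goes unescaped into the `WHERE userid = '$userid'` query, the frame title and the hidden input, so this admin page is open to SQL and markup injection; normalise it once before first use with `$userid = intval($userid);`. The `<?=$ext_realname?>` and `<?=$ext_email?>` echoes land in attribute context with no encoding, and those values are presumably set by the account owner, so wrap them as `<?=htmlspecialchars($ext_realname, ENT_QUOTES)?>` (likewise `$ext_username` and `$ext_email`). In the POST branch the `addpriv`/`delpriv` call runs on every submit whether or not the password check or `$user->update()` succeeded, and the checkbox markup `"<?=$ext_hasadmin?>"` wraps the attribute in an extra pair of quotes, so it likely never renders checked and saving an existing admin's record would call `delpriv("admin")`. The password test reads `$ext_password` while the `global` line names `$ext_password1`, and two empty fields compare equal, so `$passwd` becomes an empty string passed to `update()`; whether that clears the password depends on `User::update()`, which is not shown here. The form also carries no anti-CSRF token, which matters more now that a single POST can grant admin.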
Index: include/user.php
===================================================================
RCS file: /home/wine/appdb/include/user.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 user.php
--- include/user.php	15 Mar 2004 16:22:03 -0000	1.1.1.1
+++ include/user.php	21 Apr 2004 21:14:30 -0000
@@ -229,8 +229,7 @@
 	    return 1;
 
 	$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
-    
-	return mysql_affected_rows($result);
+        return $result;
     }
 
     function delpriv($priv)
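Review bot: `return $result;` in addpriv() now hands back the boolean from mysql_query() instead of a row count; that removes the invalid `mysql_affected_rows($result)` call, but `return mysql_affected_rows($this->link);` would keep the count the old code was reaching for and stay consistent with the numeric `return 1;` early exit above. The same applies to delpriv() in the next hunk, where a DELETE that matches no rows still returns TRUE, so a caller cannot tell whether a privilege was actually removed. Both queries also interpolate `$priv` and `$this->userid` straight into the SQL text on unchanged lines; the only caller in this patch passes the literal "admin", but escaping `$priv` and casting the id would keep them safe if that changes. Both function bodies start outside the hunks.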
@@ -239,7 +238,7 @@
             return 0;
 
         $result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
-	return mysql_num_rows($result);
+	return $result;
     }
 
     




