"User", 50 => "Devel", 100 => "Admin" );
//
// 'account_header()' - Show standard account page header...
//
// Emits the common page header and the navigation bar (list, manage
// accounts, manage comments, change password, logout) used by every view
// in this file.  $title is passed to html_header() and interpolated into
// the HTML below without escaping; every caller here passes a fixed literal.
// NOTE(review): $PHP_SELF is read inside the function with no `global`
// declaration, so the link targets depend on register_globals-era scoping
// (or on html_link() resolving it) -- confirm how it is populated.
// NOTE(review): "Logout" is a plain GET to "$PHP_SELF?X"; any third-party
// page can trigger it.  A POST form (or a token on the link) prevents that.
// NOTE(review): the HTML inside the print() strings in this copy of the file
// appears to have been stripped (only "" ."\n" fragments remain); the PHP
// logic is what is reviewed here.
//
function account_header($title) {
  html_header("$title");
  html_start_links(1);
  html_link("$title", "$PHP_SELF?L");
  html_link("Manage Accounts", "$PHP_SELF?A");
  html_link("Manage Comments", "comment.php?l");
  html_link("Change Password", "$PHP_SELF?P");
  html_link("Logout", "$PHP_SELF?X");
  html_end_links();
  print("

$title

\n");
}

//
// Dispatch.  $argc/$argv hold the split query string; $REQUEST_METHOD,
// $PHP_SELF, $LOGIN_USER and $STR_STATUS_PENDING are read as globals,
// presumably populated by an include that is not visible here -- confirm.
//

// "?X" logs the caller out before the login check; reachable by GET (see above).
if ($argc == 1 && $argv[0] == "X")
  auth_logout();

// Every view below requires a logged-in user...
// NOTE(review): this is the ONLY access check visible in this file.  Nothing
// compares the caller's level against $levels before the "A" branch, so
// unless an include not shown restricts account.php to Admin users, any
// authenticated account can add, modify or disable accounts -- confirm.
if ($LOGIN_USER == "") {
  header("Location: login.php");
  exit(0);
}

// The first character of argv[0] selects the operation, the rest is its
// argument (e.g. "Aadd", "Amodify").
// NOTE(review): $argv[0][0] on an empty argv[0] is an invalid string offset.
if ($argc >= 1) {
  $op   = $argv[0][0];
  $data = substr($argv[0], 1);
} else
  $op = "L";

switch ($op) {
  case 'A' : // Manage accounts...
    if ($data == "add") {
      if ($REQUEST_METHOD == "POST") {
        // Get data from form...
        // Integer fields are (int)-cast; string fields are taken as-is and
        // escaped/validated further down.
        if (array_key_exists("IS_PUBLISHED", $_POST))
          $is_published = (int)$_POST["IS_PUBLISHED"];
        else
          $is_published = 1;
        if (array_key_exists("NAME", $_POST))
          $name = $_POST["NAME"];
        else
          $name = "";
        if (array_key_exists("EMAIL", $_POST))
          $email = $_POST["EMAIL"];
        else
          $email = "";
        if (array_key_exists("PASSWORD", $_POST))
          $password = $_POST["PASSWORD"];
        else
          $password = "";
        if (array_key_exists("PASSWORD2", $_POST))
          $password2 = $_POST["PASSWORD2"];
        else
          $password2 = "";
        if (array_key_exists("LEVEL", $_POST))
          $level = (int)$_POST["LEVEL"];
        else
          $level = 0;

        // NOTE(review): an account is accepted with an EMPTY password as long
        // as both password fields are empty, and no minimum length is
        // enforced; require `$password != ""` (plus a length check) here.
        // NAME is not checked for format or uniqueness -- duplicates rely on
        // a database constraint that is not visible here.
        if ($name != "" && $email != "" && (($password == "" && $password2 == "") || $password == $password2))
          $havedata = 1;
        else
          $havedata = 0;
      } else {
        // Use blank account info...
        // BUG(review): $row is undefined in this branch (copied from the
        // "modify" path), so $email and $level are null and trigger
        // undefined-variable notices; the fix is `$email = ""; $level = 0;`.
        $name         = "";
        $is_published = 0;
        $email        = $row["email"];
        $level        = $row["level"];
        $password     = "";
        $password2    = "";
        $havedata     = 0;
      }

      account_header("Manage Accounts");

      if ($havedata) {
        // Store new data...
        // NOTE(review): the stored credential is a single round of md5 over
        // "name:password" -- fast and effectively unsalted.  Moving to
        // password_hash()/password_verify() requires changing login.php in
        // lockstep, so it is not done here.
        $hash  = md5("$name:$password");
        $name  = db_escape($name);
        $email = db_escape($email);
        $date  = time();
        // $is_published/$level are ints, $name/$email are escaped above.
        // NOTE(review): $LOGIN_USER is interpolated without db_escape() and
        // is safe only if the auth layer guarantees a clean username.  No
        // CSRF token is checked on this (or any other) POST in this file.
        db_query("INSERT INTO users VALUES(NULL,$is_published," ."'$name','$email','$hash',$level,$date,'$LOGIN_USER'," ."$date,'$LOGIN_USER')");
        print("

Account added successfully!

\n");
        html_start_links(1);
        html_link("Return to Manage Accounts", "$PHP_SELF?A");
        html_end_links();
      } else {
        // Re-display the form with the submitted (or blank) values escaped
        // for the HTML attribute context.
        $name  = htmlspecialchars($name, ENT_QUOTES);
        $email = htmlspecialchars($email, ENT_QUOTES);
        print("
" ."

\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."\n" ."
Published:");
        select_is_published($is_published);
        print("
Username:
EMail:
Access Level:
Password:
Password Again:
" ."

\n");
      }
      html_footer();
    } else if ($data == "disable") {
      // Disable accounts...
      // Every checked "ID_<n>" field in the POST marks one account as
      // unpublished; the id is (int)-cast before it reaches the SQL.
      // NOTE(review): each() was removed in PHP 8 (use foreach); header()
      // is not followed by exit(); and the form carries no CSRF token, so a
      // cross-site POST can disable accounts.
      if ($REQUEST_METHOD == "POST") {
        db_query("BEGIN TRANSACTION");
        reset($_POST);
        while (list($key, $val) = each($_POST))
          if (substr($key, 0, 3) == "ID_") {
            $id = (int)substr($key, 3);
            db_query("UPDATE users SET is_published = 0 WHERE id = $id");
          }
        db_query("COMMIT TRANSACTION");
      }
      header("Location: $PHP_SELF?A");
    } else if ($data == "modify") {
      // Modify account...
      // NOTE(review): $argv[1] names ANY account and LEVEL/IS_PUBLISHED from
      // the POST are applied unconditionally below.  The form only hides the
      // level selector when $LOGIN_USER == $name; the server does not enforce
      // that, so any logged-in user who reaches this branch can raise their
      // own (or anyone's) level.  Ignore a POSTed LEVEL unless the caller is
      // an Admin and is editing someone else, e.g. keep $row["level"] instead.
      if ($argc != 2 || $argv[1] == "") {
        header("Location: $PHP_SELF?A");
        exit();
      }

      $name = $argv[1];

      if ($REQUEST_METHOD == "POST") {
        // Get data from form...
        if (array_key_exists("IS_PUBLISHED", $_POST))
          $is_published = (int)$_POST["IS_PUBLISHED"];
        else
          $is_published = 1;
        if (array_key_exists("EMAIL", $_POST))
          $email = $_POST["EMAIL"];
        else
          $email = "";
        if (array_key_exists("PASSWORD", $_POST))
          $password = $_POST["PASSWORD"];
        else
          $password = "";
        if (array_key_exists("PASSWORD2", $_POST))
          $password2 = $_POST["PASSWORD2"];
        else
          $password2 = "";
        if (array_key_exists("LEVEL", $_POST))
          $level = (int)$_POST["LEVEL"];
        else
          $level = 0;

        // An empty password pair means "leave the password unchanged".
        if ($email != "" && (($password == "" && $password2 == "") || $password == $password2))
          $havedata = 1;
        else
          $havedata = 0;
      } else {
        // Get data from existing account...
        $result = db_query("SELECT * FROM users WHERE " ."name='" . db_escape($name) ."'");
        if (db_count($result) != 1) {
          header("Location: $PHP_SELF?A");
          exit();
        }
        $row          = db_next($result);
        $is_published = $row["is_published"];
        $email        = $row["email"];
        $level        = $row["level"];
        $password     = "";
        $password2    = "";
        $havedata     = 0;
        db_free($result);
      }

      account_header("Manage Accounts");

      if ($havedata) {
        // Store new data...
        // The hash is rewritten only when a new password was supplied (same
        // md5 scheme as "add"; see the note there).
        if ($password != "")
          $hash = ", hash='" . md5("$name:$password") . "'";
        else
          $hash = "";
        $name  = db_escape($name);
        $email = db_escape($email);
        $date  = time();
        // NOTE(review): the POST path never checks that the account exists,
        // so an unknown name makes this UPDATE a silent no-op that still
        // reports success.  $LOGIN_USER is again interpolated unescaped.
        db_query("UPDATE users SET " ."email='$email'$hash, level='$level', " ."is_published=$is_published, modify_user='$LOGIN_USER', " ."modify_date = $date WHERE name='$name'");
        print("

Account modified successfully!

\n");
        html_start_links(1);
        html_link("Return to Manage Accounts", "$PHP_SELF?A");
        html_end_links();
      } else {
        $name  = htmlspecialchars($name, ENT_QUOTES);
        $email = htmlspecialchars($email, ENT_QUOTES);
        print("
" ."

\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."\n" ."
Published:");
        select_is_published($is_published);
        print("
Username:$name
EMail:
Access Level:");
        // Editing your own account shows the level read-only; anyone else's
        // gets the selector.  This is display-only -- see the note above.
        // NOTE(review): $levels[$level] with a POSTed level other than
        // 0/50/100 is an undefined offset (prints nothing).
        if ($LOGIN_USER == $name)
          print("" . $levels[$level]);
        else {
          print("");
        }
        print("
Password:
Password Again:
" ."

\n");
      }
      html_footer();
    } else {
      // List accounts...
      // Name and e-mail are escaped for HTML; the level is mapped through
      // $levels.  (This branch never calls db_free() on $result.)
      account_header("Manage Accounts");
      $result = db_query("SELECT * FROM users ORDER BY name");
      print("
\n");
      html_start_table(array("Username", "EMail", "Level"));
      while ($row = db_next($result)) {
        $name  = htmlspecialchars($row["name"], ENT_QUOTES);
        $email = htmlspecialchars($row["email"], ENT_QUOTES);
        $level = $levels[$row["level"]];
        if ($row["is_published"] == 0)
          $email .= " Private";
        html_start_row();
        print("" ."$name" ."" ."$email" ."" ."$level");
        html_end_row();
      }
      html_start_row("header");
      print(" 
");
      html_end_row();
      html_end_table();
      html_start_links(1);
      html_link("Add Account", "$PHP_SELF?Aadd");
      html_end_links();
      html_footer();
    }
    break;

  case 'L' : // List
    // New/pending articles, then new/pending STRs that are either
    // unassigned or assigned to the e-mail address in the "FROM" cookie.
    account_header("New/Pending");
    // NOTE(review): $_COOKIE["FROM"] is client-controlled.  db_escape()
    // keeps it out of the SQL, but it is a display filter, not an identity
    // check -- the STR list is not tied to $LOGIN_USER.
    $email = db_escape($_COOKIE["FROM"]);
    print("

New/Pending Articles:

\n");
    $result = db_query("SELECT * FROM article WHERE is_published = 0 " ."ORDER BY modify_date");
    $count  = db_count($result);
    if ($count == 0)
      print("

No new/pending articles found.

\n");
    else {
      html_start_table(array("Id", "Title", "Last Updated"));
      while ($row = db_next($result)) {
        $id       = $row['id'];   // emitted unescaped below; presumably an integer column
        $title    = htmlspecialchars($row['title'], ENT_QUOTES) . " Private";
        $abstract = htmlspecialchars($row['abstract'], ENT_QUOTES);
        $date     = date("M d, Y", $row['modify_date']);
        html_start_row();
        print("$id" ."$title" ."$date");
        html_end_row();
        html_start_row();
        print("$abstract");
        html_end_row();
      }
      html_end_table();
    }
    db_free($result);
    print("

New/Pending STRs:

\n");
    // NOTE(review): $STR_STATUS_PENDING is a global interpolated directly
    // into the SQL -- presumably a constant-like value set by an include.
    $result = db_query("SELECT * FROM str WHERE status >= $STR_STATUS_PENDING " ."AND (manager_email == '' OR manager_email = '$email') " ."ORDER BY status DESC, priority DESC, scope DESC, " ."modify_date");
    $count  = db_count($result);
    if ($count == 0)
      print("

No new/pending STRs found.

\n");
    else {
      html_start_table(array("Id", "Priority", "Status", "Scope", "Summary", "Version", "Last Updated", "Assigned To"));
      while ($row = db_next($result)) {
        $date     = date("M d, Y", $row['modify_date']);
        // $summary is not referenced in the visible output (likely belonged
        // to stripped markup); $summabbr is the 80-character version shown.
        $summary  = htmlspecialchars($row['summary'], ENT_QUOTES);
        $summabbr = htmlspecialchars(abbreviate($row['summary'], 80), ENT_QUOTES);
        $prtext   = $priority_text[$row['priority']];
        $sttext   = $status_text[$row['status']];
        $sctext   = $scope_text[$row['scope']];
        if ($row['is_published'] == 0)
          $summabbr .= " Private";
        html_start_row();
        // NOTE(review): $row[id] and $row[str_version] are printed without
        // htmlspecialchars(); str_version is presumably free text entered
        // with the STR and should be escaped like the summary.
        print("" ."" ."$row[id]" ."$prtext" ."$sttext" ."$sctext" ."$summabbr" ."$row[str_version]" ."$date");
        if ($row['manager_email'] != "")
          $email = sanitize_email($row['manager_email']);
        else
          $email = "Unassigned";
        print("$email");
        html_end_row();
      }
      html_end_table();
    }
    db_free($result);
    html_footer();
    break;

  case 'P' : // Change password
    account_header("Change Password");
    if ($REQUEST_METHOD == "POST" && array_key_exists("PASSWORD", $_POST) && array_key_exists("PASSWORD2", $_POST) && $_POST["PASSWORD"] == $_POST["PASSWORD2"]) {
      // Store new password and re-login...
      // BUG(review): nothing is stored -- this branch only prints the
      // success message.  Following the "modify" path the update would be
      //   $date = time(); $hash = md5("$LOGIN_USER:" . $_POST["PASSWORD"]);
      //   db_query("UPDATE users SET hash='$hash', modify_user='$LOGIN_USER', modify_date=$date WHERE name='" . db_escape($LOGIN_USER) . "'");
      // The condition should also reject an empty password and, ideally,
      // require the current password.  The "re-login" step is not visible
      // here either -- confirm against auth_logout()/login.php.
      print("

Password changed successfully!

\n");
    } else {
      print("" ."

\n" ."" ."\n" ."" ."\n" ."\n" ."
Password:
Password Again:
" ."

\n");
    }
    html_footer();
    break;
}

//
// End of "$Id: account.php,v 1.7 2004/05/19 02:57:18 mike Exp $".
//
?>