"User", AUTH_DEVEL => "Devel", AUTH_ADMIN => "Admin" );
// NOTE(review): the $levels array above is cut off at the top of this
// extract; its head ("$levels = array(AUTH_USER => ...") is not visible.

//
// 'account_header()' - Show standard account page header...
//
// Emits the page header and the per-user navigation links.  The links are
// built from $PHP_SELF and $LOGIN_USER; whether html_link()/html_header()
// escape their arguments is not visible here.  If they do not, $PHP_SELF
// (which can carry attacker-controlled PATH_INFO) is a reflected-XSS vector —
// TODO confirm in the html_*() helpers.
//
function account_header($title)
{
    global $PHP_SELF, $LOGIN_USER, $LOGIN_LEVEL;

    html_header("$title");
    html_start_links(1);
    html_link("$LOGIN_USER", "$PHP_SELF");
    html_link("Change Password", "$PHP_SELF?P");
    // "Manage Accounts" is only linked for admins; the 'A' case below
    // enforces the same check server-side (hiding the link is not the gate).
    if ($LOGIN_LEVEL == AUTH_ADMIN)
        html_link("Manage Accounts", "$PHP_SELF?A");
    // "New/Pending" for devel and above; the 'L' case re-checks it.
    if ($LOGIN_LEVEL > AUTH_USER)
        html_link("New/Pending", "$PHP_SELF?L");
    html_link("Logout", "$PHP_SELF?X");
    html_end_links();
}

// Logout is triggered by a bare GET ("?X") with no token and no POST, so any
// cross-site link or image tag can log the user out.  Low impact, but noted.
if ($argc == 1 && $argv[0] == "X")
    auth_logout();

// Everything below requires a logged-in user.  $LOGIN_USER/$LOGIN_LEVEL are
// presumably set by an auth include that precedes this extract — not visible.
if ($LOGIN_USER == "")
{
    header("Location: login.php");
    exit(0);
}

// $argc/$argv here appear to be the query-string words (register_argc_argv
// style, e.g. "?Amodify+name"), not CLI arguments: the first character selects
// the operation and the remainder is its argument.  $data stays unset when
// there is no argument at all.
if ($argc >= 1)
{
    $op   = $argv[0][0];
    $data = substr($argv[0], 1);
}
else
    $op = "";

switch ($op)
{
    case 'A' : // Manage accounts...
        // Server-side admin gate.
        if ($LOGIN_LEVEL < AUTH_ADMIN)
        {
            header("Location: $PHP_SELF");
            exit();
        }

        if ($data == "add")
        {
            if ($REQUEST_METHOD == "POST")
            {
                // Get data from form...
                // IS_PUBLISHED and LEVEL are cast to int, so they are safe to
                // interpolate into SQL below; NAME/EMAIL/PASSWORD are raw here.
                // No CSRF token is checked on this POST; the form markup was
                // lost in this extract, so confirm whether one exists.
                if (array_key_exists("IS_PUBLISHED", $_POST))
                    $is_published = (int)$_POST["IS_PUBLISHED"];
                else
                    $is_published = 1;

                if (array_key_exists("NAME", $_POST))
                    $name = $_POST["NAME"];
                else
                    $name = "";

                if (array_key_exists("EMAIL", $_POST))
                    $email = $_POST["EMAIL"];
                else
                    $email = "";

                if (array_key_exists("PASSWORD", $_POST))
                    $password = $_POST["PASSWORD"];
                else
                    $password = "";

                if (array_key_exists("PASSWORD2", $_POST))
                    $password2 = $_POST["PASSWORD2"];
                else
                    $password2 = "";

                if (array_key_exists("LEVEL", $_POST))
                    $level = (int)$_POST["LEVEL"];
                else
                    $level = AUTH_USER;

                // Note: both password fields left blank is accepted, so an
                // account can be created with md5("$name:") as its hash.
                if ($name != "" && $email != "" &&
                    (($password == "" && $password2 == "") || $password == $password2))
                    $havedata = 1;
                else
                    $havedata = 0;
            }
            else
            {
                // Use blank account info...
                // BUG: $row is never assigned on this path, so $row["email"]
                // and $row["level"] raise notices and evaluate to null.  The
                // intended "blank" defaults are presumably "" and AUTH_USER
                // (compare the 'modify' branch, which does load $row first).
                $name         = "";
                $is_published = 0;
                $email        = $row["email"];
                $level        = $row["level"];
                $password     = "";
                $password2    = "";
                $havedata     = 0;
            }

            account_header("Add Account");

            if ($havedata)
            {
                // Store new data...
                // SECURITY: the stored credential is an unsalted, fast
                // md5("name:password") — cheap to brute-force offline.  Moving
                // to password_hash()/password_verify() also requires changing
                // whatever login.php compares against, so it cannot be fixed
                // in this file alone.
                $hash  = md5("$name:$password");
                $name  = db_escape($name);
                $email = db_escape($email);
                $date  = time();

                // $name/$email are escaped above and $is_published/$level are
                // ints, but $LOGIN_USER is interpolated twice WITHOUT
                // db_escape().  Names are stored verbatim (after escaping), so
                // a logged-in name containing a quote breaks this statement.
                db_query("INSERT INTO users VALUES(NULL,$is_published,"
                        ."'$name','$email','$hash',$level,$date,'$LOGIN_USER',"
                        ."$date,'$LOGIN_USER')");

                print("

Account added successfully!

\n");

                html_start_links(1);
                html_link("Return to Manage Accounts", "$PHP_SELF?A");
                html_end_links();
            }
            else
            {
                // Re-display the form; values are HTML-escaped for output.
                // (The form's tags were stripped from this extract, so the
                // literal below is only the text that survived.)
                $name  = htmlspecialchars($name, ENT_QUOTES);
                $email = htmlspecialchars($email, ENT_QUOTES);

                print("
" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."\n" ."
Published:"); select_is_published($is_published); print("
Username:
EMail:
Access Level:
Password:
Password Again:
" ."
\n");
            }

            html_footer();
        }
        else if ($data == "batch")
        {
            // Disable/enable/expire/etc. accounts...
            // Only "disable" and "enable" are implemented; any other OP value
            // runs an empty transaction.  Note $op (the dispatch variable) is
            // reused for the form value here.  Each ID_<n> key is cast to int,
            // so these UPDATEs are not injectable.  No CSRF token is checked.
            // each() was removed in PHP 8.0 — a foreach would be the modern form.
            if ($REQUEST_METHOD == "POST" && array_key_exists("OP", $_POST))
            {
                $op = $_POST["OP"];

                db_query("BEGIN TRANSACTION");

                reset($_POST);
                while (list($key, $val) = each($_POST))
                    if (substr($key, 0, 3) == "ID_")
                    {
                        $id = (int)substr($key, 3);

                        if ($op == "disable")
                            db_query("UPDATE users SET is_published = 0 WHERE id = $id");
                        else if ($op == "enable")
                            db_query("UPDATE users SET is_published = 1 WHERE id = $id");
                    }

                db_query("COMMIT TRANSACTION");
            }

            // No exit() after the redirect; control falls through to the
            // break below and nothing else is printed, so it is harmless here.
            header("Location: $PHP_SELF?A");
        }
        else if ($data == "modify")
        {
            // Modify account...
            if ($argc != 2 || $argv[1] == "")
            {
                header("Location: $PHP_SELF?A");
                exit();
            }

            // $name comes straight from the URL.  It is db_escape()d before
            // every SQL use below, but is passed to account_header() raw —
            // whether html_header() escapes the title is not visible here.
            $name = $argv[1];

            if ($REQUEST_METHOD == "POST")
            {
                // Get data from form...
                if (array_key_exists("IS_PUBLISHED", $_POST))
                    $is_published = (int)$_POST["IS_PUBLISHED"];
                else
                    $is_published = 1;

                if (array_key_exists("EMAIL", $_POST))
                    $email = $_POST["EMAIL"];
                else
                    $email = "";

                if (array_key_exists("PASSWORD", $_POST))
                    $password = $_POST["PASSWORD"];
                else
                    $password = "";

                if (array_key_exists("PASSWORD2", $_POST))
                    $password2 = $_POST["PASSWORD2"];
                else
                    $password2 = "";

                // The form below hides the level selector when an admin edits
                // their own account, but nothing here enforces that: a crafted
                // POST can still change the caller's own LEVEL, and if the
                // self-edit form carries no LEVEL field at all, this default
                // silently demotes the admin to AUTH_USER.  TODO confirm the
                // form emits a hidden LEVEL for the self-edit case.
                if (array_key_exists("LEVEL", $_POST))
                    $level = (int)$_POST["LEVEL"];
                else
                    $level = AUTH_USER;

                if ($email != "" &&
                    (($password == "" && $password2 == "") || $password == $password2))
                    $havedata = 1;
                else
                    $havedata = 0;
            }
            else
            {
                // Get data from existing account...
                $result = db_query("SELECT * FROM users WHERE "
                                  ."name='" . db_escape($name) ."'");

                if (db_count($result) != 1)
                {
                    header("Location: $PHP_SELF?A");
                    exit();
                }

                $row          = db_next($result);
                $is_published = $row["is_published"];
                $email        = $row["email"];
                $level        = $row["level"];
                $password     = "";
                $password2    = "";
                $havedata     = 0;

                db_free($result);
            }

            account_header("Modify $name");

            if ($havedata)
            {
                // Store new data...
                // Same unsalted md5("name:password") scheme as the add path;
                // an empty password leaves the stored hash unchanged.
                if ($password != "")
                    $hash = ", hash='" . md5("$name:$password") .
                            "'";
                else
                    $hash = "";

                $name  = db_escape($name);
                $email = db_escape($email);
                $date  = time();

                // $LOGIN_USER is again interpolated without db_escape().
                db_query("UPDATE users SET "
                        ."email='$email'$hash, level='$level', "
                        ."is_published=$is_published, modify_user='$LOGIN_USER', "
                        ."modify_date = $date WHERE name='$name'");

                print("

Account modified successfully!

\n");

                html_start_links(1);
                html_link("Return to Manage Accounts", "$PHP_SELF?A");
                html_end_links();
            }
            else
            {
                // Re-display the form with escaped values.  On the line that
                // prints the access level, an admin editing their own account
                // sees the level as text only (no selector) — see the LEVEL
                // note in the POST branch above.
                $name  = htmlspecialchars($name, ENT_QUOTES);
                $email = htmlspecialchars($email, ENT_QUOTES);

                print("
" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."" ."\n" ."\n" ."
Published:"); select_is_published($is_published); print("
Username:$name
EMail:
Access Level:"); if ($LOGIN_USER == $name) print("" . $levels[$level]); else { print(""); } print("
Password:
Password Again:
" ."
\n");
            }

            html_footer();
        }
        else
        {
            // List accounts...
            account_header("Manage Accounts");

            $result = db_query("SELECT * FROM users ORDER BY name");

            print("
\n");

            html_start_table(array("Username", "EMail", "Level"));

            while ($row = db_next($result))
            {
                $name  = htmlspecialchars($row["name"], ENT_QUOTES);
                $email = htmlspecialchars($row["email"], ENT_QUOTES);
                // A level value not present in $levels yields null (notice).
                $level = $levels[$row["level"]];

                if ($row["is_published"] == 0)
                    $email .= " Private";

                html_start_row();
                print("" ."$name" ."" ."$email" ."" ."$level");
                html_end_row();
            }

            html_end_table();

            print("

" ."

");

            html_start_links(1);
            html_link("Add Account", "$PHP_SELF?Aadd");
            html_end_links();

            html_footer();
        }
        break;

    case 'L' : // List
        // Devel-or-above gate, checked server-side.
        if ($LOGIN_LEVEL < AUTH_DEVEL)
        {
            header("Location: $PHP_SELF");
            exit();
        }

        account_header("New/Pending");

        // The "assigned to me" filter below keys off the FROM cookie, which is
        // client-controlled and is read here without the array_key_exists()
        // guard the default case uses (notice when absent).  It is
        // db_escape()d, so not injectable, but it only narrows the listing —
        // it is not an access check.
        $email = db_escape($_COOKIE["FROM"]);

        print("

New/Pending Articles:

\n");

        $result = db_query("SELECT * FROM article WHERE is_published = 0 "
                          ."ORDER BY modify_date");
        $count  = db_count($result);

        if ($count == 0)
            print("

No new/pending articles found.

\n");
        else
        {
            html_start_table(array("Id", "Title", "Last Updated"));

            while ($row = db_next($result))
            {
                $id       = $row['id'];
                $title    = htmlspecialchars($row['title'], ENT_QUOTES) . " Private";
                $abstract = htmlspecialchars($row['abstract'], ENT_QUOTES);
                $date     = date("M d, Y", $row['modify_date']);

                html_start_row();
                print("$id" ."$title" ."$date");
                html_end_row();
                html_start_row();
                print("$abstract");
                html_end_row();
            }

            html_end_table();
        }

        db_free($result);

        print("

New/Pending Links:

\n");

        $result = db_query("SELECT * FROM link WHERE is_published = 0 "
                          ."ORDER BY modify_date");
        $count  = db_count($result);

        if ($count == 0)
            print("

No new/pending links found.

\n");
        else
        {
            html_start_table(array("Id", "Name/Version", "Last Updated"));

            while ($row = db_next($result))
            {
                $id    = $row['id'];
                $title = htmlspecialchars($row['name'], ENT_QUOTES) . " " .
                         htmlspecialchars($row['version'], ENT_QUOTES) . " Private";
                $date  = date("M d, Y", $row['modify_date']);

                // Both branches are empty in this extract (the markup that
                // distinguished category vs. link rows was stripped).
                if ($row["is_category"])
                    $link = "";
                else
                    $link = "";

                html_start_row();
                print("$link$id" ."$link$title" ."$link$date");
                html_end_row();
            }

            html_end_table();
        }

        db_free($result);

        print("

New/Pending STRs:

\n");

        // $STR_STATUS_PENDING is a global defined outside this extract.
        // "manager_email == ''" uses a double-equals comparison in SQL, which
        // looks SQLite-specific — TODO confirm the backend.
        $result = db_query("SELECT * FROM str WHERE status >= $STR_STATUS_PENDING "
                          ."AND (manager_email == '' OR manager_email = '$email') "
                          ."ORDER BY status DESC, priority DESC, scope DESC, "
                          ."modify_date");
        $count  = db_count($result);

        if ($count == 0)
            print("

No new/pending STRs found.

\n");
        else
        {
            html_start_table(array("Id", "Priority", "Status", "Scope", "Summary",
                                   "Version", "Last Updated", "Assigned To"));

            while ($row = db_next($result))
            {
                $date     = date("M d, Y", $row['modify_date']);
                // $summary is computed but never used below (its consumer was
                // probably an attribute lost with the markup).
                $summary  = htmlspecialchars($row['summary'], ENT_QUOTES);
                $summabbr = htmlspecialchars(abbreviate($row['summary'], 80), ENT_QUOTES);
                $prtext   = $priority_text[$row['priority']];
                $sttext   = $status_text[$row['status']];
                $sctext   = $scope_text[$row['scope']];

                if ($row['is_published'] == 0)
                    $summabbr .= " Private";

                html_start_row();
                // SECURITY: $row[str_version] is printed without
                // htmlspecialchars() while summary is escaped.  If str_version
                // is user-entered when an STR is filed (not visible here), this
                // is a stored-XSS sink — escape it like the other columns.
                print("" ."" ."$row[id]" ."$prtext" ."$sttext" ."$sctext" ."$summabbr" ."$row[str_version]" ."$date");

                // Reuses $email (the filter value above is no longer needed).
                if ($row['manager_email'] != "")
                    $email = sanitize_email($row['manager_email']);
                else
                    $email = "Unassigned";

                print("$email");
                html_end_row();
            }

            html_end_table();
        }

        db_free($result);

        // Show hidden comments...
        print("

Hidden Comments:

\n");

        $result = db_query("SELECT * FROM comment WHERE status = 0 ORDER BY id");

        if (db_count($result) == 0)
            print("

No hidden comments.

\n");
        else
        {
            // NOTE(review): no rows are rendered here — the result set is
            // counted but never iterated.  Either the listing was never
            // finished or it was lost from this extract.
            print("\n");
        }

        db_free($result);

        html_footer();
        break;

    case 'P' : // Change password
        account_header("Change Password");

        // Loose == compares numeric-looking strings numerically
        // ("1e3" == "1000" is true); use === for the confirmation check.
        // An empty password (both fields "") also passes.
        if ($REQUEST_METHOD == "POST" && array_key_exists("PASSWORD", $_POST) &&
            array_key_exists("PASSWORD2", $_POST) &&
            $_POST["PASSWORD"] == $_POST["PASSWORD2"])
        {
            // Store new password and re-login...
            // BUG: no UPDATE is issued and no re-login happens — the success
            // message below is printed but the password is never changed.
            print("

Password changed successfully!

\n");
        }
        else
        {
            print("" ."\n" ."" ."\n" ."" ."\n" ."\n" ."
Password:
Password Again:
" ."
\n");
        }

        html_footer();
        break;

    default : // Show account info...
        account_header($LOGIN_USER);

        // The cookie is untrusted; it is HTML-escaped before display (this
        // case does guard the key, unlike the 'L' case).
        if (array_key_exists("FROM", $_COOKIE))
            $email = htmlspecialchars($_COOKIE["FROM"]);
        else
            $email = "unknown";

        // $LOGIN_USER is interpolated into HTML unescaped.  Account names are
        // admin-entered (see 'A'/add) and not sanitised there, so either
        // escape it here or confirm the login code restricts the charset.
        print("
\n" ."\n" ."\n" ."" ."\n" ."
Username:$LOGIN_USER
EMail:$email
Access Level:$levels[$LOGIN_LEVEL]
\n");

        html_footer();
        break;
}

//
// End of "$Id$".
//
?>