-
Notifications
You must be signed in to change notification settings - Fork 1
/
user_edit.php
62 lines (54 loc) · 2.4 KB
/
user_edit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
require_once('runtime.php');
require_once('./lib/core/helper.class.php');
require_once('./lib/core/user_old.class.php');
$smarty->assign('message', Message::getMessage());
if ($_GET['section'] == "edit") {
//Only owner and Root can access this site.
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int)$_GET['user_id'])) {
$smarty->assign('user', User_old::getUserByID($_GET['user_id']));
$smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id']));
$smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id']));
$smarty->display("header.tpl.html");
$smarty->display("user_edit.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int)$_GET['user_id']);
}
} elseif ($_GET['section'] == "insert_edit") {
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int)$_GET['user_id'])) {
if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'],
$_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'],
$_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'],
$_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) {
header('Location: user.php?user_id='.$_GET['user_id']);
} else {
header('Location: user_edit.php?section=edit&user_id='.$_GET['user_id']);
}
} else {
Permission::denyAccess(PERM_ROOT, (int)$_GET['user_id']);
}
} elseif ($_GET['section'] == "delete") {
if(permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int)$_GET['user_id'])) {
if ($_POST['delete'] == "true") {
//fetch user data
$user = new User((int)$_GET['user_id']);
$user->fetch();
//logout user if the logged in user is the user to be deleted
if($_GET['user_id'] == $_SESSION['user_id'])
Login::user_logout();
//delete user
$user->delete();
$message[] = array("Der Benutzer ".$user->getNickname()." wurde gelöscht.", 1);
message::setMessage($message);
header('Location: index.php');
} else {
$message[] = array("Sie müssen das Häckchen bei <i>Ja</i> setzen um den Benutzer zu löschen.", 2);
message::setMessage($message);
header('Location: user_edit.php?section=edit&user_id='.$_GET['user_id']);
}
} else {
Permission::denyAccess(PERM_ROOT, (int)$_GET['user_id']);
}
}
?>