{$ax['usr_list_of_users']}\n"; $stH = stPrep("SELECT u.`ID`, u.`name` AS uname, u.`email`, u.`phone`, u.`number`, u.`language`, u.`login0`, u.`login1`, u.`loginCnt`, g.`name` AS gname, g.`color` FROM `users` AS u INNER JOIN `groups` AS g ON g.`ID` = u.`groupID` WHERE u.`status` >= 0 ORDER BY CASE WHEN u.`ID` <= 2 THEN u.`ID` ELSE u.`name` END"); stExec($stH,null); $rows = $stH->fetchAll(PDO::FETCH_ASSOC); echo "\n\n"; foreach ($rows as $user) { $firstLoginD = ($user['login0'] != '9999-00-00') ? IDtoDD($user['login0']) : ''; $lastLoginD = ($user['login1'] != '9999-00-00') ? IDtoDD($user['login1']) : ''; $style = $user['color'] ? " style='background-color:{$user['color']};'" : ''; echo ""; echo "{$user['gname']}"; echo ($usr['privs'] == 9 or $user['ID'] != 2) ? "" : ''; echo ($user['ID'] > 2 and $user['ID'] != $usr['ID']) ? "" : ''; echo "\n"; } echo "
 {$ax['id']} {$ax['usr_name']}{$ax['usr_email']}{$ax['usr_phone_br']}{$ax['usr_number_br']}{$ax['usr_language']}{$ax['usr_group']}{$ax['usr_login_0']}{$ax['usr_login_1']}{$ax['usr_login_cnt']}"; if (count($rows) > 2) { echo ""; } echo "
{$user['ID']}{$user['uname']}{$user['email']}{$user['phone']}{$user['number']}".ucfirst($user['language'])."{$firstLoginD}{$lastLoginD}{$user['loginCnt']}
\n"; echo "    \n"; } function editUser(&$user) { global $ax, $usr, $mode, $lcI; $uid = $user['id']; echo "
\n"; echo "
"; if ($mode != 'add' and !isset($_POST["uName"])) { $stH = stPrep("SELECT * FROM `users` WHERE `ID` = ?"); stExec($stH,array($uid)); $row = $stH->fetch(PDO::FETCH_ASSOC); $stH = null; if ($row) { $user['name'] = $row['name']; $user['mail'] = $row['email']; $user['phone'] = $row['phone']; $user['usrNr'] = $row['number']; $user['lang'] = $row['language']; $user['pword'] = $row['password']; $user['grpID'] = $row['groupID']; } $pwStar = '*'; echo "{$ax['usr_edit_user']}\n"; } else { $pwStar = ''; echo "{$ax['usr_add']}\n"; } echo " \n"; echo "\n"; if ($mode != 'add') { echo "\n"; } echo "\n"; if ($uid != 1) { //not public access echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; if ($pwStar) { echo "\n"; } } echo ""; if ($uid == $usr['ID'] or $uid == 2) { $stH = stPrep("SELECT `name`,`color` FROM `groups` WHERE `ID` = ?"); stExec($stH,array($user['grpID'])); $row = $stH->fetch(PDO::FETCH_ASSOC); $stH = null; $color = $row['color'] ? " style='background-color:{$row['color']};'" : ''; echo "\n"; } else { $stH = stPrep("SELECT `ID`,`name`,`color` FROM `groups` WHERE `status` >= 0 ORDER BY `ID`"); stExec($stH,null); echo "\n"; } echo "
{$ax['id']}: {$user['id']}
{$ax['usr_name']}:
{$ax['usr_email']}:
{$ax['usr_phone']}:
{$ax['usr_number']}:
{$ax['usr_ui_language']}:
{$ax['usr_password']}{$pwStar}:
* {$ax['usr_if_changing_pw']}
{$ax['usr_group']}:{$row['name']}
\n
\n"; if ($mode == 'add') { echo ""; } else { echo ""; } echo "   
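\n"; }

/**
 * Create a new user account from the submitted form values.
 *
 * On success, sets $user['id'] to the new row ID and clears the global $mode.
 *
 * @param array $user account fields (name, mail, newPw, phone, usrNr, grpID, lang); passed by reference
 * @return string status or error message taken from $ax
 */
function addUser(&$user) { //add user account
    global $ax, $mode, $rxEmail;

    //validate input
    if (!$user['name'] or !$user['mail'] or !$user['newPw']) {
        return $ax['usr_cred_required'];
    }
    if (!preg_match("/^[\w\s\._-]{2,}$/u", $user['name'])) {
        return $ax['usr_un_invalid'];
    }
    if (!preg_match($rxEmail,$user['mail'])) {
        return $ax['usr_em_invalid'];
    }
    if ($user['phone'] and !preg_match("/^\+?\d{4,19}$/",$user['phone'])) {
        return $ax['usr_ph_invalid'];
    }
    // NOTE(review): `number` (usrNr) is stored without any format check, and the user list in this
    // file interpolates it into the page as-is. Validate it here or escape it on output with
    // htmlspecialchars(); confirm whether the caller already sanitises it.
    // NOTE(review): grpID is stored as supplied. Confirm the caller restricts which groups a
    // manager (privs 4) may assign.

    //refuse a name or email that an active account already uses
    $stH = stPrep("SELECT `name`,`email` FROM `users` WHERE (`name` = ? OR `email` = ?) AND `status` >= 0");
    stExec($stH,array($user['name'],$user['mail']));
    $row = $stH->fetch(PDO::FETCH_ASSOC);
    $stH = null;
    if ($row) { // name or email already exists
        return $row['name'] == $user['name'] ? $ax['usr_name_exists'] : $ax['usr_email_exists'];
    }

    // NOTE(security): unsalted MD5 is not a suitable password hash. password_hash() and
    // password_verify() should replace it together with the login code that checks `password`
    // (not visible here), rehashing on the next successful login. It is left unchanged in this
    // function so that existing logins keep working.
    $password = md5($user['newPw']);

    //add to database
    $stH = stPrep("INSERT INTO `users` (`name`,`password`,`email`,`phone`,`number`,`groupID`,`language`) VALUES (?,?,?,?,?,?,?)");
    stExec($stH,array($user['name'],$password,$user['mail'],$user['phone'],$user['usrNr'],$user['grpID'],$user['lang']));
    $user['id'] = dbLastRowId(); //set id to new user
    $mode = '';
    return $ax['usr_added'];
}

/**
 * Update an existing user account.
 *
 * The password column is written only when a new password was supplied, so a stale or
 * client-supplied $user['pword'] can never overwrite the stored hash.
 * Account 2 may be changed only by a user with privs 9; this mirrors the condition the
 * user list applies (privs == 9 or ID != 2) and enforces it on the server as well.
 *
 * @param array $user account fields (id, name, mail, phone, usrNr, grpID, lang, newPw); passed by reference
 * @return string status or error message taken from $ax
 */
function updateUser(&$user) { //update user account
    global $ax, $usr, $mode, $rxEmail;

    $uid = (int) $user['id'];
    if ($uid === 2 and $usr['privs'] != 9) { //the UI rule must also hold for a hand-made request
        return $ax['no_way'];
    }
    if (!preg_match("/^[\w\s\._-]{2,}$/u", $user['name'])) {
        return $ax['usr_un_invalid'];
    }
    if ($user['id'] > 1) { //not Public User
        if (!preg_match($rxEmail,$user['mail'])) {
            return $ax['usr_em_invalid'];
        }
        if ($user['phone'] and !preg_match("/^\+?[\d]{4,19}$/",$user['phone'])) {
            return $ax['usr_ph_invalid'];
        }
    }
    // NOTE(review): the edit form shows the group read-only for the current user and for account 2,
    // but grpID is written here as supplied. Confirm the caller cannot be made to pass a
    // different group for those accounts.

    $sets = "`name` = ?,`email` = ?,`phone` = ?,`number` = ?,`groupID` = ?,`language` = ?";
    $args = array($user['name'],$user['mail'],$user['phone'],$user['usrNr'],$user['grpID'],$user['lang']);
    if ($user['newPw']) {
        // NOTE(security): unsalted MD5, kept only for compatibility with the existing login check
        // (not visible here). Migrate to password_hash()/password_verify().
        $user['pword'] = md5($user['newPw']);
        $sets .= ",`password` = ?";
        $args[] = $user['pword'];
    }
    $args[] = $user['id'];

    //$sets is built from fixed strings only; every value is bound as a parameter
    $stH = stPrep("UPDATE `users` SET {$sets} WHERE `ID` = ?");
    stExec($stH,$args);
    $mode = '';
    return $ax['usr_updated'];
}

/**
 * Soft-delete a user account by setting its status to -1.
 *
 * Refuses to delete the current user and the built-in accounts with ID 1 and 2. The user
 * list applies the same condition (ID > 2 and not the current user); it is enforced here so
 * that it also holds for requests that did not come from that list.
 *
 * @param array $user must contain 'id'
 * @return string status or error message
 */
function deleteUser($user) { //delete user account
    global $ax, $usr;

    $uid = (int) $user['id']; //a non-numeric id becomes 0 and is refused below
    if ($uid == $usr['ID']) {
        return $ax['usr_cant_delete_yourself'];
    }
    if ($uid <= 2) { //built-in accounts are never deleted
        return $ax['no_way'];
    }
    $stH = stPrep("UPDATE `users` SET `status` = -1 WHERE `ID` = ?");
    stExec($stH,array($uid));
    $deleted = $stH->rowCount();
    if (!$deleted) {
        return "Database Error: {$ax['usr_not_deleted']}";
    }
    return $ax['usr_deleted'];
}

//control logic
// NOTE(review): no anti-CSRF token check is visible before these state-changing POST handlers.
// Confirm one runs before this point.
if ($usr['privs'] >= 4) { //manager or admin
    $msg = '';
    if (isset($_POST['addExe'])) {
        $msg = addUser($user);
    } elseif (isset($_POST['updExe'])) {
        $msg = updateUser($user);
    } elseif (isset($_POST['delExe'])) {
        $msg = deleteUser($user);
    }
    echo "

{$msg}

\n";
    if (!$mode or isset($_POST['back'])) {
        showUsers(); //no add / no edit
    } else {
        editUser($user); //add or edit
    }
    echo "
\n
\n";
} else {
    echo "

{$ax['no_way']}

\n";
}
?>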