web/html/account.php

   1 <?php
   2
   3 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
   4
   5 include_once('aur.inc.php');         # access AUR common functions
   6 include_once('acctfuncs.inc.php');   # access Account specific functions
   7
   8 set_lang();                 # this sets up the visitor's language
   9 check_sid();                # see if they're still logged in
  10
  11 $action = in_request("Action");
  12
  13 $need_userinfo = array(
  14         "DisplayAccount", "DeleteAccount", "AccountInfo", "UpdateAccount"
  15 );
  16
  17 if (in_array($action, $need_userinfo)) {
  18         $row = account_details(in_request("ID"), in_request("U"));
  19         $PK = implode("\n", account_get_ssh_keys($row["ID"]));
  20 }
  21
  22 /* This has to be done before the navigation headers are written,
  23  * because html_header() fetches the current username from the database,
  24  * which could be changed by process_account_form()
  25  */
  26 if ($action == "UpdateAccount") {
  27         $update_account_message = '';
  28         /* Details for account being updated */
  29         /* Verify user permissions and that the request is a valid POST */
  30         if (can_edit_account($row) && check_token()) {
  31                 /* Update the details for the existing account */
  32                 list($success, $update_account_message) = process_account_form(
  33                         "edit", "UpdateAccount",
  34                         in_request("U"), in_request("T"), in_request("S"),
  35                         in_request("E"), in_request("H"), in_request("P"),
  36                         in_request("C"), in_request("R"), in_request("L"),
  37                         in_request("I"), in_request("K"), in_request("PK"),
  38                         in_request("J"), in_request("CN"), in_request("ID"),
  39                         $row["Username"]);
  40         }
  41 }
  42
  43 if ($action == "AccountInfo") {
  44         html_header(__('Account') . ' ' . $row['Username']);
  45 } else {
  46         html_header(__('Accounts'));
  47 }
  48
  49 # Main page processing here
  50 #
  51 echo "<div class=\"box\">\n";
  52 echo "  <h2>".__("Accounts")."</h2>\n";
  53
  54 if (isset($_COOKIE["AURSID"])) {
  55         if ($action == "SearchAccounts") {
  56
  57                 # security check
  58                 #
  59                 if (has_credential(CRED_ACCOUNT_SEARCH)) {
  60                         # the user has entered search criteria, find any matching accounts
  61                         #
  62                         search_results_page(in_request("O"), in_request("SB"),
  63                                         in_request("U"), in_request("T"), in_request("S"),
  64                                         in_request("E"), in_request("R"), in_request("I"),
  65                                         in_request("K"));
  66
  67                 } else {
  68                         # a non-privileged user is trying to access the search page
  69                         #
  70                         print __("You are not allowed to access this area.")."<br />\n";
  71                 }
  72
  73         } elseif ($action == "DisplayAccount") {
  74                 # the user has clicked 'edit', display the account details in a form
  75                 #
  76                 if (empty($row)) {
  77                         print __("Could not retrieve information for the specified user.");
  78                 } else {
  79                         /* Verify user has permission to edit the account */
  80                         if (can_edit_account($row)) {
  81                                 display_account_form("UpdateAccount", $row["Username"],
  82                                         $row["AccountTypeID"], $row["Suspended"], $row["Email"],
  83                                         $row["HideEmail"], "", "", $row["RealName"],
  84                                         $row["LangPreference"], $row["IRCNick"], $row["PGPKey"], $PK,
  85                                         $row["InactivityTS"] ? 1 : 0, $row["CommentNotify"],
  86                                         $row["ID"], $row["Username"]);
  87                         } else {
  88                                 print __("You do not have permission to edit this account.");
  89                         }
  90                 }
  91
  92         } elseif ($action == "DeleteAccount") {
  93                 /* Details for account being deleted. */
  94                 if (can_edit_account($row)) {
  95                         $UID = $row['ID'];
  96                         if (in_request('confirm') && check_token()) {
  97                                 user_delete($UID);
  98                                 header('Location: /');
  99                         } else {
 100                                 $username = $row['Username'];
 101                                 include("account_delete.php");
 102                         }
 103                 } else {
 104                         print __("You do not have permission to edit this account.");
 105                 }
 106         } elseif ($action == "AccountInfo") {
 107                 # no editing, just looking up user info
 108                 #
 109                 if (empty($row)) {
 110                         print __("Could not retrieve information for the specified user.");
 111                 } else {
 112                         include("account_details.php");
 113                 }
 114
 115         } elseif ($action == "UpdateAccount") {
 116                 print $update_account_message;
 117
 118                 if (!$success) {
 119                         display_account_form("UpdateAccount", in_request("U"),
 120                                 in_request("T"), in_request("S"),
 121                                 in_request("E"), in_request("H"),
 122                                 in_request("P"), in_request("C"),
 123                                 in_request("R"), in_request("L"),
 124                                 in_request("I"), in_request("K"),
 125                                 in_request("PK"), in_request("J"),
 126                                 in_request("CN"), in_request("ID"),
 127                                 $row["Username"]);
 128                 }
 129
 130         } else {
 131                 if (has_credential(CRED_ACCOUNT_SEARCH)) {
 132                         # display the search page if they're a TU/dev
 133                         #
 134                         print __("Use this form to search existing accounts.")."<br />\n";
 135                         include('search_accounts_form.php');
 136
 137                 } else {
 138                         print __("You are not allowed to access this area.");
 139                 }
 140         }
 141
 142 } else {
 143         # visitor is not logged in
 144         #
 145         print __("You must log in to view user information.");
 146 }
 147
 148 echo "</div>";
 149
 150 html_footer(AURWEB_VERSION);
 151
 152 ?>