search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / manage_user_edit_page.php
blob9d1875c99eb3adbc84bde48346e5ae386d1b9bb7
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * @package MantisBT
19 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
20 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
21 * @link http://www.mantisbt.org
22 *
23 * @uses core.php
24 * @uses access_api.php
25 * @uses authentication_api.php
26 * @uses config_api.php
27 * @uses constant_inc.php
28 * @uses error_api.php
29 * @uses form_api.php
30 * @uses gpc_api.php
31 * @uses helper_api.php
32 * @uses html_api.php
33 * @uses lang_api.php
34 * @uses print_api.php
35 * @uses string_api.php
36 * @uses user_api.php
37 * @uses utility_api.php
38 */
39
40 /**
41 * MantisBT Core API's
42 */
43 require_once( 'core.php' );
44 require_api( 'access_api.php' );
45 require_api( 'authentication_api.php' );
46 require_api( 'config_api.php' );
47 require_api( 'constant_inc.php' );
48 require_api( 'error_api.php' );
49 require_api( 'form_api.php' );
50 require_api( 'gpc_api.php' );
51 require_api( 'helper_api.php' );
52 require_api( 'html_api.php' );
53 require_api( 'lang_api.php' );
54 require_api( 'print_api.php' );
55 require_api( 'string_api.php' );
56 require_api( 'user_api.php' );
57 require_api( 'utility_api.php' );
58
59 auth_reauthenticate();
60
61 access_ensure_global_level( config_get( 'manage_user_threshold' ) );
62
63 $f_username = gpc_get_string( 'username', '' );
64
65 if ( is_blank( $f_username ) ) {
66 $t_user_id = gpc_get_int( 'user_id' );
67 } else {
68 $t_user_id = user_get_id_by_name( $f_username );
69 if ( $t_user_id === false ) {
70 error_parameters( $f_username );
71 trigger_error( ERROR_USER_BY_NAME_NOT_FOUND, ERROR );
72 }
73 }
74
75 $t_user = user_get_row( $t_user_id );
76
77 # Ensure that the account to be updated is of equal or lower access to the
78 # current user.
79 access_ensure_global_level( $t_user['access_level'] );
80
81 $t_ldap = ( LDAP == config_get( 'login_method' ) );
82
83 html_page_top();
84
85 print_manage_menu();
86 ?>
87
88 <!-- USER INFO -->
89 <div id="edit-user-div" class="form-container">
90 <form id="edit-user-form" method="post" action="manage_user_update.php">
91 <fieldset>
92 <legend><span><?php echo lang_get( 'edit_user_title' ) ?></span></legend>
93 <?php echo form_security_field( 'manage_user_update' ) ?>
94 <!-- Title -->
95 <input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
96
97 <!-- Username -->
98 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
99 <label for="edit-username"><span><?php echo lang_get( 'username_label' ) ?></span></label>
100 <span class="input"><input id="edit-username" type="text" size="16" maxlength="<?php echo USERLEN;?>" name="username" value="<?php echo string_attribute( $t_user['username'] ) ?>" /></span>
101 <span class="label-style"></span>
102 </div>
103
104 <!-- Realname -->
105 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>"><?php
106 if ( $t_ldap && ON == config_get( 'use_ldap_realname' ) ) {
107 # With LDAP
108 echo '<span class="display-label"><span>' . lang_get( 'realname_label' ) . '</span></span>';
109 echo '<span class="input">';
110 echo string_display_line( user_get_realname( $t_user_id ) );
111 echo '</span>';
112 } else {
113 # Without LDAP ?>
114 <label for="edit-realname"><span><?php echo lang_get( 'realname_label' ) ?></span></label>
115 <span class="input"><input id="edit-realname" type="text" size="16" maxlength="<?php echo REALLEN;?>" name="realname" value="<?php echo string_attribute( $t_user['realname'] ) ?>" /></span><?php
116 }
117 ?>
118 <span class="label-style"></span>
119 </div>
120 <!-- Email -->
121 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>"><?php
122 if ( $t_ldap && ON == config_get( 'use_ldap_email' ) ) {
123 # With LDAP
124 echo '<span class="display-label"><span>' . lang_get( 'email_label' ) . '</span></span>';
125 echo '<span class="input">' . string_display_line( user_get_email( $t_user_id ) ) . '</span>';
126 } else {
127 # Without LDAP
128 echo '<label for="email-field"><span>' . lang_get( 'email_label' ) . '</span></label>';
129 echo '<span class="input">';
130 print_email_input( 'email', $t_user['email'] );
131 echo '</span>';
132 } ?>
133 <span class="label-style"></span>
134 </div>
135 <!-- Access Level -->
136 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
137 <label for="edit-access-level"><span><?php echo lang_get( 'access_level_label' ) ?></span></label>
138 <span class="select">
139 <select id="edit-access-level" name="access_level"><?php
140 $t_access_level = $t_user['access_level'];
141 if ( !MantisEnum::hasValue( config_get( 'access_levels_enum_string' ), $t_access_level ) ) {
142 $t_access_level = config_get( 'default_new_account_access_level' );
143 }
144 print_project_access_levels_option_list( $t_access_level ); ?>
145 </select>
146 </span>
147 <span class="label-style"></span>
148 </div>
149 <!-- Enabled Checkbox -->
150 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
151 <label for="edit-enabled"><span><?php echo lang_get( 'enabled_label' ) ?></span></label>
152 <span class="checkbox"><input id="edit-enabled" type="checkbox" name="enabled" <?php check_checked( $t_user['enabled'], ON ); ?> /></span>
153 <span class="label-style"></span>
154 </div>
155 <!-- Protected Checkbox -->
156 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
157 <label for="edit-protected"><span><?php echo lang_get( 'protected_label' ) ?></span></label>
158 <span class="checkbox"><input id="edit-protected" type="checkbox" name="protected" <?php check_checked( $t_user['protected'], ON ); ?> /></span>
159 <span class="label-style"></span>
160 </div><?php
161 if ( config_get( 'enable_email_notification' ) == ON ) {
162 echo '<div class="field-container ', helper_alternate_class_no_attribute(), '">';
163 echo '<label for="send-email"><span>' . lang_get( 'notify_user' ) . '</span></label>';
164 echo '<span class="checkbox"><input id="send-email" type="checkbox" name="send_email_notification" checked="checked" /></span>';
165 echo '<span class="label-style"></span>';
166 echo '</div>';
167 } ?>
168 <!-- Submit Button -->
169 <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'update_user_button' ) ?>" /></span>
170 </fieldset>
171 </form>
172 </div>
173
174 <div id="manage-user-actions-div" class="form-container">
175 <?php if( !$t_ldap ) { ?>
176 <form id="manage-user-reset-form" method="post" action="manage_user_reset.php" class="action-button">
177 <fieldset>
178 <?php echo form_security_field( 'manage_user_reset' ) ?>
179 <input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
180 <span><input type="submit" class="button" value="<?php echo lang_get( 'reset_password_button' ) ?>" /></span>
181 </fieldset>
182 </form>
183 <?php } ?>
184
185 <!-- Delete Button -->
186 <?php if ( !( ( user_is_administrator( $t_user_id ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) ) ) { ?>
187 <form id="manage-user-delete-form" method="post" action="manage_user_delete.php" class="action-button">
188 <fieldset>
189 <?php echo form_security_field( 'manage_user_delete' ) ?>
190 <input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
191 <span><input type="submit" class="button" value="<?php echo lang_get( 'delete_user_button' ) ?>" /></span>
192 </fieldset>
193 </form>
194 <?php } ?>
195 </div>
196
197 <?php if( !$t_ldap ) { ?>
198 <div class="important-msg">
199 <?php
200 if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
201 echo lang_get( 'reset_password_msg' );
202 } else {
203 echo lang_get( 'reset_password_msg2' );
204 }
205 ?>
206 </div>
207 <?php } ?>
208
209 <!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
210 <?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) &&
211 !user_is_administrator( $t_user_id ) ) {
212 ?>
213 <div class="form-container">
214 <h2><?php echo lang_get( 'add_user_title' ) ?></h2>
215 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
216 <span class="display-label"><span><?php echo lang_get( 'assigned_projects_label' ) ?></span></span>
217 <div class="input"><?php print_project_user_list( $t_user['id'] ) ?></div>
218 <span class="label-style"></span>
219 </div>
220 <form id="manage-user-project-add-form" method="post" action="manage_user_proj_add.php">
221 <fieldset>
222 <?php echo form_security_field( 'manage_user_proj_add' ) ?>
223 <input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
224 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
225 <label for="add-user-project-id"><span><?php echo lang_get( 'unassigned_projects_label' ) ?></span></label>
226 <span class="select">
227 <select id="add-user-project-id" name="project_id[]" multiple="multiple" size="5">
228 <?php print_project_user_list_option_list2( $t_user['id'] ) ?>
229 </select>
230 </span>
231 <span class="label-style"></span>
232 </div>
233 <div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
234 <label for="add-user-project-access"><span><?php echo lang_get( 'access_level_label' ) ?></span></label>
235 <span class="select">
236 <select id="add-user-project-access" name="access_level">
237 <?php print_project_access_levels_option_list( config_get( 'default_new_account_access_level' ) ) ?>
238 </select>
239 </span>
240 <span class="label-style"></span>
241 </div>
242 <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'add_user_button' ) ?>" /></span>
243 </fieldset>
244 </form>
245 </div><?php
246 } # End of PROJECT ACCESS conditional section
247
248 define ( 'ACCOUNT_PREFS_INC_ALLOW', true );
249 include( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_prefs_inc.php' );
250 edit_account_prefs( $t_user['id'], false, false, 'manage_user_edit_page.php?user_id=' . $t_user_id );
251
252 html_page_bottom();