Set correct 'My Account' link after changing username
[aur.git] / web / html / account.php
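<?php
/*
 * Account page controller: reads the "Action" request parameter and then
 * searches, displays, updates or deletes an account, or shows the account
 * search form when no known action is given.
 *
 * State-changing actions (UpdateAccount, confirmed DeleteAccount) run only
 * when can_edit_account() accepts the target row and check_token() passes.
 */

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');

include_once('aur.inc.php');         # access AUR common functions
include_once('acctfuncs.inc.php');   # access Account specific functions

set_lang();                          # this sets up the visitor's language
check_sid();                         # see if they're still logged in

$action = in_request("Action");

# actions that operate on one specific account and need its row loaded
$need_userinfo = array(
    "DisplayAccount", "DeleteAccount", "AccountInfo", "UpdateAccount"
);

# strict matching: only an exact string from the list loads account data
if (in_array($action, $need_userinfo, true)) {
    $row = account_details(in_request("ID"), in_request("U"));
    $PK = implode("\n", account_get_ssh_keys($row["ID"]));
}

/* This has to be done before the navigation headers are written,
 * because html_header() fetches the current username from the database,
 * which could be changed by process_account_form()
 */
if ($action === "UpdateAccount") {
    /* Default to failure so the rendering branch below never reads an
     * undefined variable when the permission or token check rejects the
     * request.
     */
    $success = false;
    $update_account_message = '';
    /* Details for account being updated */
    /* Remember the permission decision; it is reused when rendering. */
    $can_update = can_edit_account($row);
    /* Verify user permissions and that the request is a valid POST */
    if ($can_update && check_token()) {
        /* Update the details for the existing account */
        list($success, $update_account_message) = process_account_form(
            "edit", "UpdateAccount",
            in_request("U"), in_request("T"), in_request("S"),
            in_request("E"), in_request("P"), in_request("C"),
            in_request("R"), in_request("L"), in_request("I"),
            in_request("K"), in_request("PK"), in_request("J"),
            in_request("ID"), $row["Username"]);
    }
}

/* NOTE(review): the username goes into the page title unmodified here;
 * confirm html_header() escapes its argument for HTML.
 */
if ($action === "AccountInfo") {
    html_header(__('Account') . ' ' . $row['Username']);
} else {
    html_header(__('Accounts'));
}

# Main page processing here
#
echo "<div class=\"box\">\n";
echo " <h2>".__("Accounts")."</h2>\n";

if (isset($_COOKIE["AURSID"])) {
    if ($action === "SearchAccounts") {

        # security check
        #
        if (has_credential(CRED_ACCOUNT_SEARCH)) {
            # the user has entered search criteria, find any matching accounts
            #
            search_results_page(in_request("O"), in_request("SB"),
                in_request("U"), in_request("T"), in_request("S"),
                in_request("E"), in_request("R"), in_request("I"),
                in_request("K"));

        } else {
            # a non-privileged user is trying to access the search page
            #
            print __("You are not allowed to access this area.")."<br />\n";
        }

    } elseif ($action === "DisplayAccount") {
        # the user has clicked 'edit', display the account details in a form
        #
        if (empty($row)) {
            print __("Could not retrieve information for the specified user.");
        } else {
            /* Verify user has permission to edit the account */
            if (can_edit_account($row)) {
                display_account_form("UpdateAccount", $row["Username"],
                    $row["AccountTypeID"], $row["Suspended"], $row["Email"],
                    "", "", $row["RealName"], $row["LangPreference"],
                    $row["IRCNick"], $row["PGPKey"], $PK,
                    $row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
            } else {
                print __("You do not have permission to edit this account.");
            }
        }

    } elseif ($action === "DeleteAccount") {
        /* Details for account being deleted. */
        if (can_edit_account($row)) {
            $UID = $row['ID'];
            /* Deletion needs both the explicit confirmation and a valid token. */
            if (in_request('confirm') && check_token()) {
                user_delete($UID);
                /* NOTE(review): output has already been written above (the
                 * echo of the box markup), so unless output buffering is
                 * enabled this redirect header cannot be sent; there is also
                 * no exit after it, so the rest of the page is still rendered.
                 */
                header('Location: /');
            } else {
                $username = $row['Username'];
                include("account_delete.php");
            }
        } else {
            print __("You do not have permission to edit this account.");
        }
    } elseif ($action === "AccountInfo") {
        # no editing, just looking up user info
        #
        if (empty($row)) {
            print __("Could not retrieve information for the specified user.");
        } else {
            include("account_details.php");
        }

    } elseif ($action === "UpdateAccount") {
        print $update_account_message;

        if (!$success) {
            if ($can_update) {
                /* Re-display the form with the submitted values.
                 * NOTE(review): P and C sit where DisplayAccount passes empty
                 * strings (presumably the password and its confirmation);
                 * confirm display_account_form() does not echo them back
                 * into the HTML.
                 */
                display_account_form("UpdateAccount", in_request("U"), in_request("T"),
                    in_request("S"), in_request("E"), in_request("P"), in_request("C"),
                    in_request("R"), in_request("L"), in_request("I"), in_request("K"),
                    in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]);
            } else {
                /* Do not render another account's edit form for a requester
                 * who failed the permission check; answer the same way the
                 * DisplayAccount branch does.
                 */
                print __("You do not have permission to edit this account.");
            }
        }

    } else {
        if (has_credential(CRED_ACCOUNT_SEARCH)) {
            # display the search page if they're a TU/dev
            #
            print __("Use this form to search existing accounts.")."<br />\n";
            include('search_accounts_form.php');

        } else {
            print __("You are not allowed to access this area.");
        }
    }

} else {
    # visitor is not logged in
    #
    print __("You must log in to view user information.");
}

echo "</div>";

html_footer(AURWEB_VERSION);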