<?php
/** 
* @package	uForum 
* @file		admin/admin_users.php
* @version	$Id$ 
* @copyright	2007-2010 (c) PioDer <pioder@wp.pl>
* @link    		http://www.pioder.pl/
* @license	see LICENSE.txt
**/
define('IN_uF', true);
//include files
require('./../config.php');
require('./../includes/constants.php');
require('./../includes/db.php');
require('./../includes/errors.php');
//connect to database
DataBase::db_connect();
require('./../includes/sessions.php');
require('./../includes/classes/class_user.php');
require('./../common.php');
require('./../includes/admin/class_main.php');
require('./../includes/misc_functions.php');
require('./../includes/classes/class_topic.php');
require('./../includes/classes/class_posting.php');
require('./../includes/classes/secure.php');
$default_lang = Admin_Over::DefaultLang();
require('./../lngs/'.$default_lang.'/admin.php');
SessDelInvalid();	
SessRegister();
SessDeleteOld();
if (User::UserInformation($_SESSION['uid'],'rank')!=2)
{
	admin_message_forum($lng['yournotadmin'],'../index.php');
}

if (!isset($_GET['mode']))
{
	header('Location: admin_users.php?mode=view');	
}
switch($_GET['mode'])
{
	case 'delete':
	{
		$uid = intval($_GET['id']);

		//delete from users table
		$sql = "DELETE FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could not delete user.');

		//delete from PM SentBox table
		$sql = "DELETE FROM ".PM_SENTBOX_TABLE." WHERE `u_n_id`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could not delete user sentbox messages.');

		//update PM InBox table -> change u_n_id to Anonymous
		$sql = "UPDATE ".PM_INBOX_TABLE." SET `u_n_id`='-1' WHERE `u_n_id`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could not update user inbox messages.');

		//update user posts -> change u_id to Anonymous
		$sql = "UPDATE ".POSTS_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could edit post.');

		//update shoutbox messages -> change u_id to Anonymous
		$sql = "UPDATE ".SHOUTBOX_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could edit shoutbox messages.');

		//update user topics -> change u_id to Anonymous
		$sql = "UPDATE ".TOPICS_TABLE." SET `author`='-1' WHERE `author`='$uid'";
		DataBase::sql_query($sql,GENERAL,'Could edit post.');

		//back to admin users
		admin_message_forum($lng['user_deleted'],'admin_users.php');
		break;
 	}	
	case 'edit':
	{
		$uid = intval($_GET['id']);
		$msg='';
		$errors = true;
		if (isset($_POST['email']))
		{
			if ( ereg ("^.+@.+\..+$", $_POST['email']))
			{
				//if user changing password... 
				if ($_POST['password']!='')
				{
					if (md5($_POST['password'])==User::UserInformation($_SESSION['uid'],'pass'))
					{
						if ($_POST['newpassword']==$_POST['confirmpassword'])
						{
							User::UpdatePassword($_SESSION['uid'], md5(strip_tags($_POST['newpassword'])));
							$errors = false;
						}
						else
						{
							$message=$lng['incorrect_password2'];
							$msg = './template/post_error_body.tpl';
						}
					}
					else
					{
						$message=$lng['incorrect_password'];
						$msg = './template/post_error_body.tpl';  
					}
				}
				else
				{
					if ($_POST['default_skin']!='-1')
					{
						if ($_POST['default_lang']!='-1')
						{
							if ($_POST['limit_tpid']!='-1')
							{
								if ($_POST['limit_ftid']!='-1')
								{
									if ($_POST['limit_users']!='-1')
									{
										if (strlen(trim($_POST['sig']))<$forum_config['sig_len'])
										{
											$errors = false;
										}
										else
										{
											$message = $lng['signature_too_long'];
											$msg = './template/post_error_body.tpl'; 
										} 
									}
									else
									{
										$message = $lng['no_limit_users'];
										$msg = './template/post_error_body.tpl'; 
									} 
								}
								else
								{
									$message = $lng['no_limit_ftid'];
									$msg = './template/post_error_body.tpl'; 
								} 
							}
							else
							{
								$message = $lng['no_limit_tpid'];
								$msg = './template/post_error_body.tpl'; 
							}  
						}
						else
						{
							$message=$lng['invalid_lang'];
							$msg = './template/post_error_body.tpl';  
						}
					}
					else
					{
						$message=$lng['invalid_skin'];
						$msg = './template/post_error_body.tpl'; 
					}
				}
				if (!$errors)
				{
					$_POST['ggnumber']=strip_tags($_POST['ggnumber']);
					$_POST['interests']=strip_tags($_POST['interests']);
					$_POST['sig']=Secure::TagsReplace($_POST['sig']);
					$allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0;
					if (isset($_FILES['avatar_file']['tmp_name']))
					{
						$extension = substr($_FILES['avatar_file']['name'],(strlen($_FILES['avatar_file']['name'])-3));
						if (($extension == 'jpg') or ($extension == 'gif'))
						{
							if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg'))
							{
								unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg');
							}
							if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif'))
							{
								unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif');
							}
							move_uploaded_file($_FILES['avatar_file']['tmp_name'], AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension);
							$_POST['avatar'] = AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension;
						}
						else
						{
							$_POST['avatar'] = strip_tags($_POST['avatar']);
						}
					}
					else
					{
						$_POST['avatar'] = strip_tags($_POST['avatar']);
					}
					User::UpdateAdminPools($uid,strip_tags($_POST['posts']),$_POST['user_rank'],$_POST['user_active'], strip_tags($_POST['nick']));	
					User::UpdateProfile($uid,$_POST['ggnumber'],$_POST['email'],$_POST['interests'], $_POST['sig'],$_POST['avatar'],$_POST['allow_qr'],$_POST['allow_email'],$_POST['allow_gg'],$_POST['default_skin'],$_POST['default_lang'], $_POST['limit_tpid'],$_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox);
					admin_message_forum($lng['profile_modernized'],'admin_users.php?mode=edit&id='.$uid);
				}
			}
			else
			{
				$message=$lng['invalid_email'];
				$msg = './template/post_error_body.tpl'; 
			}
		}
		$sql = "SELECT * FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
		$userinfo = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information'));
		if ($userinfo['rank']=='')
		{
			admin_message_forum($lng['no_user'],'admin_users.php?mode=view');
		}
		//add skin variables
		$skin = array(
		//labels profile
		'L.admin_users'=>$lng['admin_users'],
		'lnick'=>$lng['user_name'],
		'lpass'=>$lng['lpassw'],
		'lnewpass'=>$lng['new_password'],
		'lcpass'=>$lng['confirm_password'],
		'lemail'=>'E-mail',
		'lgg'=>$lng['gg_number'],
		'lallow_gg'=>$lng['allow_gg'],
		'lallow_email'=>$lng['allow_email'],
		'lallow_qr'=>$lng['allow_qr'],
		'linterests'=>$lng['luinterests'],
		'lsig'=>$lng['sig'],
		'lavaddr'=>$lng['picture_adress'],
		'lovpr'=>$lng['general_settings'],
		'L.select_value'=>$lng['select_value'],
		'L.limit_users'=>$lng['limit_users'],
		'OPTIONS.limit_users'=>ListPages($userinfo['limit_users']),
		'L.posts_in_topic'=>$lng['limit_posts'],
		'OPTIONS.limit_tpid'=>ListPages($userinfo['limit_tpid']),
		'L.topics_in_forum'=>$lng['limit_topics'],
		'OPTIONS.limit_ftid'=>ListPages($userinfo['limit_ftid']),
		'lupr'=>$lng['profile_settings'],
		'lspr'=>$lng['signature_settings'],
		'ladmpr'=>$lng['admin_settings'],
		'luser_rank'=>$lng['user_rank'],
		'luser_actived'=>$lng['user_actived'],
		'lposts'=>$lng['posts'],
		'posts'=>$userinfo['posts'],
		'ldefault_lang'=>$lng['default_lang'],
		'default_lang'=>ListDir('../lngs', $userinfo['lang']),
		'l2default_lang'=>$lng['select_lang'],
		'ldefault_skin'=>$lng['default_skin2'],
		'default_skin'=>ListDir('../skins', $userinfo['skin']),
		'l2default_skin'=>$lng['select_skin'],
		'lapr'=>$lng['avatar_settings'],
		'lsubmit'=>$lng['save'],
		'allow'=>$lng['allow'],
		'lreset'=>$lng['reset'],
		'nick'=>$userinfo['nick'],
		'user'=>$lng['user'],
		'lallow_shoutbox'=>$lng['allow_shoutbox'],
		'allow_shoutbox'=>($userinfo['view_shoutbox']==1) ? 'checked="checked"' : '',
		//options profile
		'sig'=>$userinfo['sig'],
		'avatar'=>$userinfo['avatar'],
		'interests'=>$userinfo['interests'],
		'email'=>$userinfo['email'],
		'gg'=>$userinfo['gg'],
		//options values
		'option_no_gg'=>($userinfo['allow_gg']==0) ? 'checked="checked"' : '',
		'option_no_email'=>($userinfo['allow_email']==0) ? 'checked="checked"' : '',
		'option_no_qr'=>($userinfo['allow_qr']==0) ? 'checked="checked"' : '',
		'option_yes_gg'=>($userinfo['allow_gg']==1) ? 'checked="checked"' : '',
		'option_yes_email'=>($userinfo['allow_email']==1) ? 'checked="checked"' : '',
		'option_yes_qr'=>($userinfo['allow_qr']==1) ? 'checked="checked"' : '',
		'option_no_ua'=>($userinfo['active']==0) ? 'checked="checked"' : '',
		'option_yes_ua'=>($userinfo['active']==1) ? 'checked="checked"' : '',
		//user rank
		'option_0_rank'=>($userinfo['rank']==0) ? 'checked="checked"' : '',
		'option_1_rank'=>($userinfo['rank']==1) ? 'checked="checked"' : '',
		'option_2_rank'=>($userinfo['rank']==2) ? 'checked="checked"' : '',
		'no'=>$lng['no'],
		'lavfile'=>$lng['avatar_file'],
		'yes'=>$lng['yes']
		);
		if ($msg=='')
		{
			$msg = './template/blank.tpl';
		}
		Admin_Over::GenerateHeader();
		require('./template/user_edit_body.tpl');
		require('./template/overall_footer.tpl');;
	 	break;
 	}
	case 'view':
 	{
		if (isset($_GET['page'])&&($_GET['page']!=1))
		{
			if (!is_numeric($_GET['page']))
			{
				die('Hacking attempt');
			}
			$value = ($_GET['page']-1)*30;
			$limit = 'LIMIT '.$value . ', 30';
			$page = $_GET['page'];
		}
		else
		{
		  $limit = 'LIMIT 0, 30';
		  $page=1;
		}
		$count = DataBase::fetch(DataBase::sql_query("SELECT COUNT(`u_id`) as `u_id` 
		FROM ".USERS_TABLE,GENERAL,'Could not obtain count amout of users'));
		$count = $count['u_id'];
		$count = ceil($count /30);
		if(isset($_GET['page']) && ($_GET['page']>$count))
		{
			message_forum($lng['invalidpage'],'admin_users.php');
		}
		if (isset($_COOKIE['users_desc'], $_POST['desc']))
		{
			unset($_COOKIE['users_desc']);
		}
		if (isset($_POST['sort'],$_COOKIE['users_sort']))
		{
			unset($_COOKIE['users_sort']);
		}
		if (!isset($_COOKIE['users_desc']))
		{
			if (isset($_POST['desc']))
			{
   				switch($_POST['desc'])
   				{
       					case 'yes':
       					{
	        		   		@setcookie('users_desc','desc',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_desc'] = 'desc';
						$desc = 'DESC';	
						break;
					}
					case 'no':
					{
			    			@setcookie('users_desc','no',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_desc'] = 'no';
						$desc = '';
						break;
					}
				}
			}
			else
			{
		   		@setcookie('users_desc','no',$_SERVER['REQUEST_TIME']+3600);
				$_COOKIE['users_desc'] = 'no';
				$desc = '';
			}
		}
		else
		{
		  	$desc = ($_COOKIE['users_desc']=='desc') ? 'DESC' : '';
		}
		if (!isset($_COOKIE['users_sort']))
		{
			if (isset($_POST['sort']))
			{
   				switch($_POST['sort'])
   				{
       					case 'regdate':
					{
						@setcookie('users_sort','regdate',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_sort'] = 'regdate';
						break;	
					}
					case 'lastvisit':
					{
						@setcookie('users_sort','lastvisit',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_sort'] = 'lastvisit';
						break;	
					}
					case 'uname':
					{
						@setcookie('users_sort','uname',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_sort'] = 'uname';
						break;	
					}
					case 'posts':
					{
						@setcookie('users_sort','posts',$_SERVER['REQUEST_TIME']+3600);
						$_COOKIE['users_sort'] = 'posts';
						break;	
					}	
				}
			}
			else
			{
				@setcookie('users_sort','regdate',$_SERVER['REQUEST_TIME']+3600);
				$_COOKIE['users_sort'] = 'regdate';
			}
		}
		//add skin variables
		$skin = array(
		'ldesc' => $lng['desc'],
		'lselectusers'=>$lng['sort_u_by'],
		'ltitle'=>$lng['admin_users'],
		'lregdate'=>$lng['luregister'],
		'llastvisit'=>$lng['lulastvisit'],
		'lposts'=>$lng['posts'],
		'luname'=>$lng['user_name'],
		'lgo'=>$lng['lgo'],
		'desc_yes_option'=>(($_COOKIE['users_desc']=='desc') || ((isset ($_POST['desc'])) && ($_POST['desc']=='yes'))) ? 'selected="selected"' : '',
		'desc_no_option'=>(($_COOKIE['users_desc']=='no') || ((isset ($_POST['desc'])) && ($_POST['desc']=='no'))) ? 'selected="selected"' : '',
		'regdate_option'=>(($_COOKIE['users_sort']=='regdate') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
		'lastvisit_option'=>(($_COOKIE['users_sort']=='lastvisit') || ((isset ($_POST['sort'])) && ($_POST['sort']=='lastvisit'))) ? 'selected="selected"' : '',
		'posts_option'=>(($_COOKIE['users_sort']=='posts') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
		'uname_option'=>(($_COOKIE['users_sort']=='uname') || ((isset ($_POST['sort'])) && ($_POST['sort']=='uname'))) ? 'selected="selected"' : '',
		'lyes'=>$lng['yes'],
		'lno'=>$lng['no']
		);
		//do it!
		Admin_Over::GenerateHeader();
		require('./template/users_beam_body.tpl');
		switch($_COOKIE['users_sort'])
		{
		case 'regdate':
		{
			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `regdate` $desc $limit;";
			break;	
		}
		case 'lastvisit':
		{
			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `lastvisit` $desc $limit;";
			break;	
		}
		case 'uname':
		{
			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `nick` $desc $limit;";
			break;	
		}
		case 'posts':
		{
			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `posts` $desc $limit;";
			break;	
		}
		}
		$query = DataBase::sql_query($sql,CRITICAL,'Could not obtain user information.');
		while($result = DataBase::fetch($query))
		{
			$skin = array(
			'id'=>$result['u_id'],
			'uname'=>Topic::UserName($result['nick'], $result['rank']),
			'regdate'=>date('d-m-Y, G:i',$result['regdate']),
			'lastvisit'=>($result['lastvisit']!='0') ? date('d-m-Y, G:i',$result['lastvisit']) : $lng['never'],
			'posts'=>$result['posts'],
			'c_del_user'=>$lng['c_delete_user']
			);
			require('./template/user_item_add_body.tpl');
		}
		$skin = array(
		'option_pages'=>ListPages($page, $count),
		'lwith'=>$lng['with'],
		'lpage'=>$lng['page'],
		'lpages'=>$count
		);
		require('./template/users_end_body.tpl');
		require('./template/overall_footer.tpl');
    		break;
  	}
 	default:
 	{
		header('Location: admin_users.php?mode=view');	
		break;
	}
}
?>