2 // There is the potential for a lot of mischief from users trying to
3 // access this file in ways they shouldn't. Users may try to type in
4 // a URL to get around functions that are not being displayed on the
// Form handler for user administration: depending on $action / $formtype it
// deletes a user, sets a password, or adds/updates a user record, then prints
// an error page or reloads the parent window. Only some lines are shown in
// this listing, so closing braces and some conditions are not visible.
// NOTE(review): $gfplugins is not assigned in this listing; confirm it comes
// from trusted configuration and can never be populated from request data,
// because it is the prefix of the include path.
// NOTE(review): no anti-CSRF token check is visible in this listing; confirm one
// is enforced elsewhere, since this handler deletes users and changes passwords.
7 include_once $gfplugins.'webcalendar/www/includes/init.php';
// NOTE(review): only $action is visibly read through getValue(). $formtype,
// $user, $upassword1/2, $add and the u* fields are used below with no
// assignment shown here; confirm where they are populated and validated.
13 $action = getValue ( "action" );
// Delete branch: requires action "Delete" (literal or translated) together with
// formtype "edituser". The delete call is gated on $admin_can_delete_user; the
// conditions that select the two error messages are on lines not shown here.
16 if ( ( $action == "Delete" || $action == translate ("Delete") ) &&
17 $formtype == "edituser" ) {
19 if ( $admin_can_delete_user ) {
20 user_delete_user ( $user ); // will also delete user's events
22 $error = translate("Deleting users not supported") . ".";
25 $error = translate("You are not authorized") . ".";
29 // Handle update of password
// Runs only for formtype "setpassword" with a non-empty $user. Both password
// fields must compare equal and be non-empty, and the write is gated on
// $user_can_update_password.
// NOTE(review): != is a loose comparison, so two different numeric-looking
// strings can compare equal; !== would be the strict form.
// NOTE(review): no check that $user is the logged-in account is visible in this
// listing; confirm a non-admin cannot set another user's password.
30 else if ( $formtype == "setpassword" && strlen ( $user ) ) {
31 if ( $upassword1 != $upassword2 ) {
32 $error = translate("The passwords were not identical") . ".";
33 } else if ( strlen ( $upassword1 ) ) {
34 if ( $user_can_update_password )
35 user_update_user_password ( $user, $upassword1 );
37 $error = translate("You are not authorized") . ".";
39 $error = translate("You have not entered a password") . ".";
42 // Handle update of user info
// Add path: taken only when $add is non-empty and $is_admin is truthy.
43 else if ( $formtype == "edituser" ) {
44 if ( strlen ( $add ) && $is_admin ) {
45 if ( $upassword1 != $upassword2 ) {
46 $error = translate( "The passwords were not identical" ) . ".";
// addslashes() alters a string only when it contains a quote, backslash or NUL
// byte, so this comparison rejects logins containing those characters.
// NOTE(review): this is a character filter, not SQL escaping; confirm that
// user_add_user() binds or escapes every argument it receives.
48 if ( addslashes ( $user ) != $user ) {
49 // This error should get caught before here anyhow, so
50 // no need to translate this. This is just in case :-)
51 $error = "Invalid characters in login.";
52 } else if ( empty ( $user ) || $user == "" ) {
53 // Username can not be blank. This is currently the only place that
54 // calls user_add_user that is located in $user_inc
55 $error = translate( "Username can not be blank" ) . ".";
57 user_add_user ( $user, $upassword1, $ufirstname, $ulastname,
58 $uemail, $uis_admin );
// A non-admin submitting the add form is refused here.
61 } else if ( strlen ( $add ) && ! $is_admin ) {
62 $error = translate("You are not authorized") . ".";
64 // Don't allow a user to change themself to an admin by setting
65 // uis_admin in the URL by hand. They must be admin beforehand.
// NOTE(review): the statement that enforces this is on lines not shown in this
// listing; confirm $uis_admin is reset for non-admins before the update call.
68 user_update_user ( $user, $ufirstname, $ulastname,
69 $uemail, $uis_admin );
// $nextURL is always one of two fixed strings, so the redirect target written
// into the page below is not taken from request data.
73 $nextURL = empty ( $is_admin ) ? "adminhome.php" : "users.php";
// A non-empty $error renders the error page; otherwise the success page runs.
75 if ( ! empty ( $error ) ) {
76 print_header( '', '', '', true );
79 <h2><?php etranslate("Error")?></h2>
84 // echo "<br /><br /><strong>SQL:</strong> $sql";
89 <?php } else if ( empty ($error) ) {
// The translated message is written into a single-quoted JavaScript string
// inside a double-quoted HTML attribute.
// NOTE(review): confirm etranslate() output cannot contain quote characters, or
// escape it for both the JavaScript and the attribute context.
90 ?><html><head></head><body onload="alert('<?php etranslate("Changes successfully saved");?>'); window.parent.location.href='<?php echo $nextURL;?>';">
91 </body></html><?php } ?>