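<?php
/*
 * e107 website system
 *
 * Copyright (C) 2008-2013 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 * Administrators Management
 *
 * Request flow of this page:
 *  1. Access gate (getperms('3')) and "go back" redirect.
 *  2. POST 'update_admin'  -> store the submitted permissions for one user.
 *  3. POST 'edit_admin' or query "edit.<id>" -> load one user and show the permissions editor.
 *  4. POST 'del_admin'     -> strip admin status from one user (user ID 1 is refused).
 *  5. Otherwise            -> list all administrators.
 *
 * NOTE(review): the list view hides the edit/delete buttons for user ID 1 and for the
 * current user, but that is a UI restriction only. In this file the server side refuses
 * only the delete of user ID 1; the edit and update paths rely on whatever
 * e107::getUserPerms() enforces - confirm that it protects those accounts.
 *
 * NOTE(review): no anti-CSRF token field is visible in the hand-built form below.
 * Presumably class2.php or auth.php validate a token for admin POST requests - confirm,
 * because every state change on this page is driven by a plain POST.
 */

require_once(__DIR__.'/../class2.php');

// Access gate: without permission '3' the request is redirected away and nothing below runs.
if (!getperms('3'))
{
	e107::redirect('admin');
	exit;
}

if (isset($_POST['go_back']))
{
	// Return to the listing - a fresh GET drops all posted data.
	header('Location:'.e_ADMIN_ABS.e_PAGE);
	exit;
}

e107::coreLan('administrator', true);

$e_sub_cat = 'admin';
require_once('auth.php');

$frm = e107::getForm();
$mes = e107::getMessage();
$prm = e107::getUserPerms();

// Both handlers are used at file scope below. They are fetched explicitly (the same
// accessors show_admins() uses) instead of relying on globals left behind by class2.php.
$sql = e107::getDb();
$ns = e107::getRender();

$action = '';
$sub_action = -1;

if (e_QUERY)
{
	$tmp = explode(".", e_QUERY);
	$action = $tmp[0];					// Used when called from elsewhere
	$sub_action = varset($tmp[1], -1);	// User ID
	unset($tmp);
}

// Demo installations must not change permissions: refuse the update before it is processed.
if (deftrue('e_DEMOMODE') && varset($_POST['update_admin']))
{
	$mes->addWarning(LAN_DEMO_FORBIDDEN);
	$ns->tablerender("Forbidden", $mes->render());
	require_once("footer.php");
	exit;
}

if (isset($_POST['update_admin']))	// Permissions updated
{
	// NOTE(review): 'a_id' and 'perms' are handed to updatePerms() exactly as posted.
	// Validation of the target ID and of the permission values is assumed to happen
	// inside updatePerms() - confirm, since it is not visible from this file.
	$prm->updatePerms($_POST['a_id'], $_POST['perms']);
}

// The editor is requested either by a posted edit button or by the query string "edit.<id>".
$editRequested = isset($_POST['edit_admin']) || $action == "edit";
$editRow = null;	// User record for the editor; stays null when the lookup fails.

if ($editRequested)
{
	// The posted field may be absent (query-string entry) or not an array (malformed
	// request); array_keys() must only ever see an array.
	$edid = (isset($_POST['edit_admin']) && is_array($_POST['edit_admin'])) ? array_keys($_POST['edit_admin']) : array();
	$postedId = isset($edid[0]) ? $edid[0] : -1;

	// intval() makes the value safe to concatenate into the WHERE clause.
	$theid = intval(($sub_action < 0) ? $postedId : $sub_action);

	if ($sql->select("user", "*", "user_id=".$theid))
	{
		$fetched = $sql->fetch();
		if ($fetched)
		{
			$editRow = $fetched;
		}
	}

	if ($editRow === null)
	{
		$mes->addDebug("Couldn't find user ID: {$theid}, {$sub_action}, {$postedId}");	// Debug code - shouldn't be executed
	}
}

// count() is only valid on an array, so the type is checked first.
if (isset($_POST['del_admin']) && is_array($_POST['del_admin']) && count($_POST['del_admin']))
{
	$delid = array_keys($_POST['del_admin']);
	$aID = intval($delid[0]);	// intval() makes the value safe for the queries below

	$sql->select("user", "*", "user_id= ".$aID);
	$row = $sql->fetch();

	if (!$row)
	{
		// Unknown user ID: nothing to update and nothing meaningful to log.
		$mes->addError(LAN_DELETED_FAILED);
	}
	else
	{
		// Escaped as defence in depth: whether user_name is already HTML-safe when it is
		// stored is not visible from this file. double_encode=false keeps existing entities.
		$safeName = htmlspecialchars($row['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

		if (intval($row['user_id']) === 1)
		{	// Can't delete main admin
			$text = $safeName." ".ADMSLAN_6."
			<br /><br />
			<a href='".e_ADMIN_ABS."administrator.php'>".LAN_CONTINUE."</a>";

			$mes->addError($text);
			$ns->tablerender(LAN_ERROR, $mes->render());

			require_once("footer.php");
			exit;
		}

		// "Deleting" an administrator only clears the admin flag and the permission string;
		// the user account itself is kept.
		$mes->addAuto($sql->update("user", "user_admin=0, user_perms='' WHERE user_id= ".$aID), 'update', ADMSLAN_61, LAN_DELETED_FAILED, false);

		// Audit trail for the permission change.
		$logMsg = str_replace(array('[x]', '[y]'), array($aID, $row['user_name']), ADMSLAN_73);
		e107::getLog()->add('ADMIN_02', $logMsg, E_LOG_INFORMATIVE, '');
	}
}

if ($editRequested && $editRow !== null)
{
	$prm->edit_administrator($editRow);
}
else
{
	// Also reached when an edit was requested for a user that does not exist: the
	// listing is shown instead of opening the editor without a record.
	show_admins();
}

/**
 * Render the table of all users flagged as administrators, with edit/delete buttons.
 *
 * The buttons are omitted for user ID 1 and for the currently logged-in user (USERID).
 * This only hides the controls; it is not an access check.
 *
 * @return void The table is sent through the render handler, nothing is returned.
 */
function show_admins()
{
	$sql = e107::getDb();
	$frm = e107::getForm();
	$ns = e107::getRender();
	$mes = e107::getMessage();
	$prm = e107::getUserPerms();

	$sql->select("user", "*", "user_admin='1'");

	$text = "
	<form action='".e_SELF."' method='post' id='del_administrator'>
		<fieldset id='core-administrator-list'>
			<legend class='e-hideme'>".ADMSLAN_13."</legend>
			<table class='table adminlist'>
				<colgroup>
					<col style='width: 5%' />
					<col style='width: 20%' />
					<col style='width: 65%' />
					<col style='width: 10%' />
				</colgroup>
				<thead>
					<tr>
						<th>ID</th>
						<th>".ADMSLAN_56."</th>
						<th>".ADMSLAN_18."</th>
						<th class='center last'>".LAN_OPTIONS."</th>
					</tr>
				</thead>
				<tbody>
	";

	while ($row = $sql->fetch())
	{
		$uid = intval($row['user_id']);

		// Escaped as defence in depth: whether user_name is already HTML-safe when it is
		// stored is not visible from this file. double_encode=false keeps existing entities.
		$safeName = htmlspecialchars($row['user_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

		$text .= "
					<tr>
						<td>".$uid."</td>
						<td><a href='".e107::getUrl()->create('user/profile/view', array('id' => $row['user_id'], 'name' => $row['user_name']))."'>".$safeName."</a></td>
						<td>
							".$prm->renderperms($row['user_perms'], $row['user_id'], "words")."
						</td>
						<td class='center'>
		";

		// No buttons for the main admin (ID 1) or for the administrator viewing the page.
		if ($uid !== 1 && $uid !== USERID)
		{
			// NOTE(review): the raw user_name is passed as the button title; this assumes
			// submit_image() escapes attribute values itself - confirm.
			$text .= "
							".$frm->submit_image("edit_admin[{$uid}]", 'edit', 'edit', LAN_EDIT)."
							".$frm->submit_image("del_admin[{$uid}]", 'del', 'delete', ADMSLAN_59."? [".$row['user_name']."]")."
			";
		}

		$text .= "
						</td>
					</tr>
		";
	}

	$text .= "
				</tbody>
			</table>
			".$frm->hidden('del_administrator_confirm', '1')."
		</fieldset>
	</form>
	";

	$ns->tablerender(ADMSLAN_13, $mes->render().$text);
}

require_once("footer.php");

/**
 * Handle page DOM within the page header
 *
 * Currently contributes nothing: the earlier implementation, which loaded js_helper.php,
 * registered the delete-confirm language string and included core/admin.js, is disabled.
 *
 * @return string JS source
 */
function headerjs()
{
	return '';
}
?>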