manageusers.php

<?php 
//
// GiftWeb: PHP/PostgreSQL online Gift Registry System 
// Matthew T. Jachimstal
// Copyright (C) 2000-2008  Matthew T. Jachimstal
//
// email: matthew@jachimstal.com
//
// Snail mail: Matthew Jachimstal
//             1106 Canterbury Ct, Unit D
//             Elgin, IL 60120
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//

require "./main.inc";
require "./util.php";

$s = $_COOKIE["GiftWeb_Session"];

$uid = validatesession($s);

$conn = ADONewConnection($dbtype);
$conn->PConnect($dbhost, $dbuser, $dbpass, $dbname);

// Check if the user opening this page is a site admin.
// If not, exit right away

$sql = "SELECT * FROM giftweb WHERE admin='$uid'";
$result1 = $conn->Execute($sql);

if ($result1->RecordCount() == 0)
{
	startpage_old("Error: Not Administrator", 0);
	?>
	<h2>Error: You are not the site administrator</h2>
	<?php 
	redir("./main.php", "the main GiftWeb page", 3);
	endpage_old(-1);
	exit();
}

startpage_old("Site Administration", 0);
echo "<h3>Manage Users</h3>\n";

if (isset($_POST["del_users"]))
{
	delete_users();
}

display_form();

function delete_users()
{
	global $conn;

	if (isset($_POST["userlist"]))
	{
		$users_selected = $_POST["userlist"];
		$cnt = count($users_selected);
		echo "<ul>\n";

		for ($i=0; $i < $cnt; $i++)
		{
			$grp_sql = "SELECT * FROM groups WHERE admin='$users_selected[$i]'";
			$grp_result = $conn->Execute($grp_sql);
			for ($j=0; $j < $grp_result->RecordCount(); $j++) 
			{
				$adm_grp = chop($grp_result->fields["description"]);
				echo "<li>The site administrator is now the group 
					administrator for group $adm_grp.</li>\n"
					$grp_result->MoveNext();
			}
			$adm_sql = "UPDATE groups SET admin='$uid' WHERE admin='$users_selected[$i]'";
			$adm_result = $conn->Execute($adm_sql);

			$sql = "DELETE FROM users WHERE uid='$users_selected[$i]'";
			$result = $conn->Execute($sql);

		?>
			</ul>
			<h3>Users have been deleted.</h3>
			<?php 
	}
	else
	{
		echo "<h3>No users have been deleted.</h3>\n";
	}
}

function display_form()
{
	$sql = "SELECT * FROM users WHERE uid != '$uid' ORDER BY last_name, first_name";
	$result = $conn->Execute($sql);

	?>
	<form method="post" action="manageusers.php">
	<table cellspacing=1 cellpadding=2 border=1>
	<tr>
		<th>Select</th>
		<th>Last Name</th>
		<th>First Name</th>
	</tr>
	<?php 

	$result->MoveFirst();
	for ($i=0; $i < $result->RecordCount(); $i++)
	{
		$fname = chop($result->fields["first_name"]);
		$lname = chop($result->fields["last_name"]);
		$userid = chop($result->fields["uid"]);

		?>
		<tr>
			<td><input type=checkbox name=userlist[]"
				 value="<?php echo $userid?>"></td>
			<td><?php echo $lname?></td>
			<td><?php echo $fname?></td>
		</tr>
		<?php 
		$result->MoveNext();
	}

	?>
	</table>
	<center>
	<table><tr>
		<td><input type=submit name=del_users value="Delete users"></td>
		<td width=90%>&nbsp;</td>
		</tr>
	</table><br>
	</center>
	<h3><a href="./siteadmin.php">Return to Site Admin page</a></h3>

	<?php 
}

?>