<?php
#########################################################################
#                        admin_user_modify.php                          #
#                                                                       #
#            Interface de modification/création d'un utilisateur        #
#                                                                       #
#            Dernière modification : 28/06/2005                         #
#                                                                       #
#########################################################################
/*
 * Copyright 2003-2005 Laurent Delineau
 * D'après http://mrbs.sourceforge.net/
 *
 * This file is part of GRR.
 *
 * GRR is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GRR is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GRR; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */


include "connect.inc.php";
include "config.inc.php";
include "functions.inc.php";
include "$dbsys.inc.php";

// Settings
require_once("./settings.inc.php");
//Chargement des valeurs de la table settingS
if (!loadSettings())
    die("Erreur chargement settings");

// Session related functions
require_once("./session.inc.php");
// Resume session
if (!resumeSession()) {
    header("Location: ./logout.php?auto=1");
    die();
};

// Paramètres langage
include "language.inc.php";

if (isset($_SERVER['HTTP_REFERER'])) $back = $_SERVER['HTTP_REFERER'];
if(authGetUserLevel(getUserName(),-1) < 5)
{
    showAccessDenied($day, $month, $year, $area,$back);
    exit();
}
#If we dont know the right date then make it up
unset($user_login);
$user_login = isset($_GET["user_login"]) ? $_GET["user_login"] : NULL;
$valid = isset($_GET["valid"]) ? $_GET["valid"] : NULL;
$msg='';
$user_nom='';
$user_prenom='';
$user_mail='';
$user_statut='';
$user_source='local';
$user_etat='';
$display="";
$retry='';



if ($valid == "yes") {
    $reg_nom = isset($_GET["reg_nom"]) ? $_GET["reg_nom"] : NULL;
    $reg_prenom = isset($_GET["reg_prenom"]) ? $_GET["reg_prenom"] : NULL;
    $new_login = isset($_GET["new_login"]) ? $_GET["new_login"] : NULL;
    $reg_password = isset($_GET["reg_password"]) ? $_GET["reg_password"] : NULL;
    $reg_password2 = isset($_GET["reg_password2"]) ? $_GET["reg_password2"] : NULL;
    $reg_statut = isset($_GET["reg_statut"]) ? $_GET["reg_statut"] : NULL;
    $reg_email = isset($_GET["reg_email"]) ? $_GET["reg_email"] : NULL;
    $reg_etat = isset($_GET["reg_etat"]) ? $_GET["reg_etat"] : NULL;
    $reg_source = isset($_GET["reg_source"]) ? $_GET["reg_source"] : NULL;


    if (($reg_nom == '') or ($reg_prenom == '')) {
        $msg = $vocab["please_enter_name"];
        $retry = 'yes';
    } else {
        //
        // actions si un nouvel utilisateur a été défini
        //
        if ((isset($new_login)) and ($new_login!='') and (ereg ("^[a-zA-Z0-9_.]{1,20}$", $new_login)) ) {
            $new_login = strtoupper($new_login);
            $reg_password_c = md5($reg_password);
            if (($reg_password != $reg_password2) or (strlen($reg_password) < $pass_leng)) {
                $msg = $vocab["passwd_error"];
                $retry = 'yes';
            } else {
                $sql = "SELECT * FROM grr_utilisateurs WHERE login = '$new_login'";
                $res = sql_query($sql);
                $nombreligne = sql_count ($res);
                if ($nombreligne != 0) {
                    $msg = $vocab["error_exist_login"];
                    $retry = 'yes';
                } else {
                    $sql = "INSERT INTO grr_utilisateurs SET
                    nom='".slashes($reg_nom)."',
                    prenom='".slashes($reg_prenom)."',
                    login='".slashes($new_login)."',
                    password='".slashes($reg_password_c)."',
                    statut='".slashes($reg_statut)."',
                    email='".slashes($reg_email)."',
                    etat='".slashes($reg_etat)."',
                    source='local'";
                    if (sql_command($sql) < 0)
                        {fatal_error(0, $vocab["msg_login_created_error"] . sql_error());
                    } else {
                        $msg = $vocab["msg_login_created"];
                    }
                    $user_login = $new_login;
                }
            }
//
//action s'il s'agit d'une modification
//
        } else if ((isset($user_login)) and ($user_login!='')) {
            if (isset($reg_source)) {
                // On demande un changement de la source ext->local
                $reg_password_c = md5($reg_password);
                if (($reg_password != $reg_password2) or (strlen($reg_password) < $pass_leng)) {
                    $msg = $vocab["passwd_error"];
                    $retry = 'yes';
                }
                $source = "source='local',password='".slashes($reg_password_c)."',";
            } else {
                $source = "";
            }
        if ($retry != 'yes') {
            $sql = "UPDATE grr_utilisateurs SET nom='".slashes($reg_nom)."',
            prenom='".slashes($reg_prenom)."',
            statut='".slashes($reg_statut)."',
            email='".slashes($reg_email)."',".$source."
            etat='".slashes($reg_etat)."'
            WHERE login='".slashes($user_login)."'";
            if (sql_command($sql) < 0)
                {fatal_error(0, $vocab["message_records_error"] . sql_error());
            } else {
                $msg = $vocab["message_records"];
            }

            // Cas où on a déclaré un utilisateur inactif, on le supprime dans les tables grr_j_user_area,  grr_j_mailuser_room
            if ($reg_etat != 'actif') {
                $sql = "DELETE FROM grr_j_user_area WHERE login='$user_login'";
                if (sql_command($sql) < 0) fatal_error(0, $vocab['message_records_error'] . sql_error());
                $sql = "DELETE FROM grr_j_mailuser_room WHERE login='$user_login'";
                if (sql_command($sql) < 0) fatal_error(0, $vocab['message_records_error'] . sql_error());
            }

            // Cas où on a déclaré un utilisateur visiteur, on le supprime dans les tables grr_j_user_area, grr_j_mailuser_room et grr_j_user_room

            if ($reg_statut=='visiteur') {
                $sql = "DELETE FROM grr_j_user_room WHERE login='$user_login'";
                if (sql_command($sql) < 0)
                    fatal_error(0, $vocab['message_records_error'] . sql_error());
                $sql = "DELETE FROM grr_j_mailuser_room WHERE login='$user_login'";
                if (sql_command($sql) < 0)
                    fatal_error(0, $vocab['message_records_error'] . sql_error());
                $sql = "DELETE FROM grr_j_user_area WHERE login='$user_login'";
                if (sql_command($sql) < 0)
                    fatal_error(0, $vocab['message_records_error'] . sql_error());
            }
            if ($reg_statut=='administrateur') {
                $sql = "DELETE FROM grr_j_user_room WHERE login='$user_login'";
                if (sql_command($sql) < 0)
                    fatal_error(0, $vocab['message_records_error'] . sql_error());
                $sql = "DELETE FROM grr_j_user_area WHERE login='$user_login'";
                if (sql_command($sql) < 0)
                    fatal_error(0, $vocab['message_records_error'] . sql_error());
            }
        }

        } else {
            $msg = $vocab["only_letters_and_numbers"];
            $retry = 'yes';
        }
    }
    if ($retry == 'yes') {
        $user_nom = $reg_nom;
        $user_prenom = $reg_prenom;
        $user_statut = $reg_statut;
        $user_mail = $reg_email;
        $user_etat = $reg_etat;
    }
}

// On appelle les informations de l'utilisateur pour les afficher :
if (isset($user_login) and ($user_login!='')) {
    $sql = "SELECT nom, prenom, statut, etat, email, source FROM grr_utilisateurs WHERE login='$user_login'";
    $res = sql_query($sql);
    if ($res) {
        for ($i = 0; ($row = sql_row($res, $i)); $i++)
        {
        $user_nom = $row[0];
        $user_prenom = $row[1];
        $user_statut = $row[2];
        $user_etat = $row[3];
        $user_mail = $row[4];
        $user_source = $row[5];
        }
    }
}
if((authGetUserLevel(getUserName(),-1) < 1) and ($authentification_obli==1))
{
    showAccessDenied($day, $month, $year, $area,$back);
    exit();
}


# print the page header
print_header("","","","",$type="with_session", $page="admin");

echo "<noscript>";
echo "<font color='red'>$msg</font>";
echo "</noscript>";
if ($msg) {
    echo "<script type=\"text/javascript\" language=\"javascript\">";
    echo "<!--\n";
    echo " alert(\"".$msg."\")";
    echo "//-->";
    echo "</script>";
    unset($msg);
}

if (isset($user_login) and ($user_login!='')) {
    echo "<h2>".$vocab['admin_user_modify_modify.php']."</h2>";
} else {
    echo "<h2>".$vocab['admin_user_modify_create.php']."</h2>";
}


?>
<p class=bold>
| <a href="admin_user.php?display=<?php echo $display; ?>"><?php echo $vocab["back"]; ?></a> |
<?php
if (isset($user_login) and ($user_login!='')) {
    echo "<a href=\"admin_user_modify.php?display=$display\">".$vocab["display_add_user"]."</a> | ";
    if (($user_source=='local') or ($user_source==''))
    echo "<a href=\"admin_change_pwd.php?user_login=$user_login\">".$vocab["change_pwd"]."</a> |";
} ?>
<br><?php echo $vocab["required"]; ?>
</p>
<form enctype="multipart/form-data" action="admin_user_modify.php?display=<?php echo $display; ?>" method='GET'>

<span class = "norme">
<?php
echo $vocab["login"]." * : ";
if (isset($user_login) and ($user_login!='')) {
    echo "$user_login";
    echo "<input type=hidden name=reg_login value=\"$user_login\">";
} else {
    echo "<input type=text name=new_login size=20 value=\"".htmlentities($user_login)."\">";
}
?>


<br><?php echo $vocab["last_name"]; ?> * : <input type=text name=reg_nom size=20 <?php if ($user_nom) { echo "value=\"".htmlentities($user_nom)."\"";}?>>
<br><?php echo $vocab["first_name"]; ?> * : <input type=text name=reg_prenom size=20 <?php if ($user_prenom) { echo "value=\"".htmlentities($user_prenom)."\"";}?>>

<br><?php echo $vocab["mail_user"]; ?> : <input type=text name=reg_email size=30 <?php if ($user_mail) { echo "value=\"".htmlentities($user_mail)."\"";}?>>
<?php
if (!(isset($user_login)) or ($user_login=='')) {
    echo "<br>".$vocab["pwd_toot_short"]." * : <input type=password name=reg_password size=20>";
    echo "<br>".$vocab["confirm_pwd"]." * : <input type=password name=reg_password2 size=20>";
}
?>
<br><?php echo $vocab["statut"]; ?> : <SELECT name=reg_statut size=1>
<?php
echo "<option value=utilisateur "; if ($user_statut == "utilisateur") { echo "SELECTED";}; echo ">".$vocab["statut_user"];
echo "<option value=visiteur "; if ($user_statut == "visiteur") { echo "SELECTED";}; echo ">".$vocab["statut_visitor"];

if ((getSettingValue("ldap_statut") == '') or (getSettingValue("cas_statut") == '')) {
   echo "<option value=administrateur "; if ($user_statut == "administrateur") { echo "SELECTED";}; echo ">".$vocab["statut_administrator"];
}
?>
</select>
<br>

<br><?php echo $vocab["activ_no_activ"]; ?> :<select name=reg_etat size=1>
<option value=actif <?php if ($user_etat == "actif") { echo "SELECTED";}?>><?php echo $vocab["activ_user"]; ?>
<option value=inactif <?php if ($user_etat == "inactif") { echo "SELECTED";}?>><?php echo $vocab["no_activ_user"]; ?>
</select>
<br>
<?php
if ($user_source == 'ext') {
    echo "<br><br><table border=\"1\" cellpadding=\"5\" cellspacing=\"1\" width=\"100%\"><tr><td>";
    echo $vocab["authentification"]." <b>".$vocab["Externe"]."</b><br>";

    echo "<input type=\"checkbox\" name=\"reg_source\" />".$vocab["Changer_source_utilisateur_local"]."<br> ";
    echo "<br>".$vocab["pwd_toot_short"]." * : <input type=password name=reg_password size=20>";
    echo "<br>".$vocab["confirm_pwd"]." * : <input type=password name=reg_password2 size=20>";
    echo "</td></tr></table>";
}
?>

<input type=hidden name=valid value="yes">
<input type=hidden name=user_login value=<?php echo "$user_login"; ?>>
<br><center><input type=submit value=<?php echo $vocab["submit"];?>></center>
</span>
</form>


</body>
</html>