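<?php

// Manage user account: create a new account or modify an existing one.
// Only administrators may use this page; everyone else is sent back to the
// panel. get_account() / update_account() and the session are expected to be
// provided by the included files (data_connect.php, log.php).

include_once 'data_connect.php';
include 'log.php';

// Authorization gate. Guard the session key explicitly so a missing session
// does not fall through to get_account(null).
if (!isset($_SESSION['userID']) || get_account($_SESSION['userID'])['rights'] != 'administrator') {
    header('Location:panel.php');
    exit();
}

$log = 'filesinfo/log.xml';

// The only account types this page can assign (exactly the two the form offers).
// Anything else posted is rejected before it can be stored as "rights".
$allowedTypes = ['administrator', 'author'];

// Store a result message for accmanage.php, redirect there and stop.
$redirectWith = function ($html) {
    $_SESSION['account'] = $html;
    header('Location:accmanage.php');
    exit();
};

if (isset($_POST['username'])) {
    $stg = new SimpleXMLElement('filesinfo/settings.xml', null, true);

    $usr = str_replace('  ', '', $_POST['username']);
    // NOTE(review): spaces are stripped from the password before hashing; the
    // login path must apply the same normalisation or password_verify() fails.
    $psw = str_replace(' ', '', isset($_POST['password']) ? $_POST['password'] : '');
    $typ = isset($_POST['accounttype']) ? $_POST['accounttype'] : '';
    // hiddenname is '' when creating and holds the current name when editing;
    // null means the field was not posted at all.
    $hiddenName = isset($_POST['hiddenname']) ? $_POST['hiddenname'] : null;
    $hiddenId = isset($_POST['hiddenid']) ? (string)$_POST['hiddenid'] : '';
    $isEdit = $hiddenName !== null && $hiddenName !== '';

    if ((strlen($usr) < 3) || (strlen($usr) > 40)) {
        $error = '<div id="error-confirm"><span>Username must be between 3-40 characters</span></div>';
        if ($hiddenName !== null) {
            $redirectWith($error);
        }
        // No hidden field posted: show the error inline and skip all processing
        // (previously the account was still created after this message).
        $message = $error;
    } elseif (!in_array($typ, $allowedTypes, true)) {
        $redirectWith('<div id="error-confirm"><span>Invalid account type</span></div>');
    }

    if (!isset($message)) {
        // Collect the existing names as plain strings so the lookup is strict.
        $usernames = [];
        $logfile = simplexml_load_file($log);
        foreach ($logfile->user as $user) {
            $usernames[] = (string)$user->name;
        }
        $nameTaken = in_array($usr, $usernames, true);

        // A name already in use blocks creation and renaming to it; an account
        // may of course keep its own name.
        if ($nameTaken && $hiddenName !== $usr) {
            $redirectWith('<div id="error-confirm"><span>Username is already in use</span></div>');
        }

        if (!$isEdit) {
            // Create account. An empty password is refused instead of being hashed.
            if ($psw === '') {
                $redirectWith('<div id="error-confirm"><span>Password was not set.</span></div>');
            }

            include 'set-cost.php'; // presumably defines $cost for password_hash()
            $pshs = password_hash($psw, PASSWORD_DEFAULT, ['cost' => $cost]);

            $logsave = new SimpleXMLElement($log, null, true);

            // Unpredictable 32-hex-char id (same shape as the former md5() value).
            $id = bin2hex(random_bytes(16));

            $newuser = $logsave->addChild('user', '');
            $newuser->addChild('name', $usr);
            $newuser->addChild('pshs', $pshs);
            $newuser->addChild('rights', $typ);
            $newuser->addChild('login', 'none');
            $newuser->addChild('ip', ' ');
            $newuser->addChild('icon', 'images/default_user.png');
            $newuser->addChild('description', ' ');
            $newuser->addChild('signposts', 'off');
            $newuser->addChild('sidemenu', 'off');
            $subres = $newuser->addChild('results', '');
            $subres->addChild('posts', '5');
            if ($typ === 'administrator') {
                $subres->addChild('pages', '5');
            }
            $subres->addChild('images', '5');
            $newuser->addChild('userID', $id);

            $logsave->asXML($log);

            // Panel appearance folder; owner-writable is enough, no need for 0777.
            mkdir('style/' . $id, 0755, true);

            $_SESSION['account'] = '<div id="action-confirm"><span>Account created</span></div>';
        } else {
            $cur_owner = (string)$stg->general->ownerid;

            // The site owner must stay an administrator: check the account being
            // edited (hiddenid), not the logged-in user. Strict comparison avoids
            // loose numeric-string matching of ids.
            if ($hiddenId === $cur_owner && $typ !== 'administrator') {
                $redirectWith('<div id="error-confirm"><span>Could not modify this admin account</span></div>');
            }

            // Update account.
            $updt = update_account($hiddenId, 'set');

            if ($updt === false) {
                $_SESSION['account'] = '<div id="action-confirm"><span>Account does not exist</span></div>';
            } else {
                // Keep the session's display name in sync when editing oneself.
                if ((string)$_SESSION['userID'] === $hiddenId) {
                    $_SESSION['username'] = $usr;
                }

                $_SESSION['account'] = '<div id="action-confirm"><span>Account modified</span></div>';

                // The owner's name is mirrored in settings.xml.
                if ($hiddenId === $cur_owner) {
                    $stg->general->ownername = $usr;
                    $stg->asXML('filesinfo/settings.xml');
                }
            }
        }

        if (isset($_SESSION['account'])) {
            header('Location:accmanage.php');
            exit();
        }
    }
}

?>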
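<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Users - Account info</title>
<link rel="stylesheet" type="text/css" href="cmstyle.css">
<?php
    include 'csstheme.php';
?>
</head>
<body>
<?php
    include 'mypanel.php';

    if (isset($message)) {
        echo $message;
    }

    // Account being edited (null when creating). Every value that reaches the
    // markup goes through $esc() so URL-supplied or stored data cannot break
    // out of the attribute or element it is printed into.
    $editId = isset($_GET['userid']) ? (string)$_GET['userid'] : null;
    $editName = $editId !== null ? (string)get_account($editId)['name'] : '';
    $esc = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // NOTE(review): the form below carries no anti-CSRF token, so any POST from
    // an authenticated administrator's browser is accepted.
?>
    <div class="main">

        <h1 class="inbl"><a href="accmanage.php" title="Back to Accounts">&larr;</a> Account information</h1>

        <div id="main-container">
            <div class="results">
                <form action="account.php" method="POST" name="acc" style="margin-left:30px">

                    <!-- Current username hidden -->
                    <input name="hiddenname" type="text" value="<?php echo $esc($editName); ?>" hidden>

                    <!-- Current user id hidden -->
                    <input name="hiddenid" type="text" value="<?php echo $esc($editId === null ? '' : $editId); ?>" hidden>

                    <!-- Username -->
                    <input name="username" type="text" id="account-username" class="inp-usr" title="Username" value="<?php echo $esc($editName); ?>" placeholder="Username">

                    <!-- Password (only when creating an account) -->
                    <?php if ($editId === null) : ?>
                        <input name="password" type="text" id="account-password" class="inp-psw" title="Password" value="" placeholder="Password">

                        <div class="clear" style="height:40px"></div>
                    <?php endif ?>

                    <!-- Account type -->
                    <label for="select-type" style="font-size:16px; position:relative; left:-8px">Account type</label>
                    <select name="accounttype" id="select-type">
                        <?php
                            if ($editId !== null) {
                                $stgs = simplexml_load_file('filesinfo/settings.xml');
                                $cur_owner = (string)$stgs->general->ownerid;

                                if ($editId === $cur_owner) {
                                    // The site owner can only ever be an administrator.
                                    $options = ['administrator'];
                                } else {
                                    // Current type first, then the alternative.
                                    $type = (string)get_account($editId)['rights'];
                                    $options = [$type, $type === 'administrator' ? 'author' : 'administrator'];
                                }
                            } else {
                                $options = ['administrator', 'author'];
                            }

                            foreach ($options as $option) {
                                print '<option>' . $esc($option) . '</option>' . PHP_EOL;
                            }
                        ?>
                    </select>

                    <div class="clear" style="height:40px"></div>

                    <!-- SUBMIT -->
                    <input type="submit" class="stylish-button" value="Submit account" title="Submit account">

                </form>
            </div>
        </div>
    </div>
</body>
</html>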