<?php

    
    # Manage all user accounts



    # login
    include_once 'data_connect.php';
    include_once 'log.php';
    


    # user rights - admins only
    if (get_account($_SESSION['userID'])['rights'] != 'administrator') {
        header('Location:opensaved.php');
        exit();
    }


    
    # Load the site settings document and read the ID of the website owner.
    # $ownerid is used further down to keep the owner account from being deleted
    # and to decide who may hand ownership to another administrator.
    # NOTE(review): the meaning of the 'e' and null arguments is defined by
    # simplexml_object(), which is not part of this file - confirm before changing.
    $settings = simplexml_object('settings.xml','e',null);
    $ownerid = $settings->general->ownerid;


    if (isset($_GET['userid'])) {
        
        
        # Owner cannot be deleted
        if ($ownerid == $_GET['userid'])
            $_SESSION['account_owner_del'] = true;

        # Delete
        elseif (update_account($_GET['userid'],'delete') !== false) {
            #self delete is possible
            if ($_SESSION['userID'] == $_GET['userid']) {
                header('Location:login.php');
                exit;
            }
            $_SESSION['account_deleted'] = true;
        }
    }
    

    # User to owner (uto)
    if (isset($_GET['uto'])) {
        
        $newow = $_GET['uto'];
        $newowacc = get_account($newow);
        
        if ($newowacc['rights'] == 'administrator' && $ownerid == $_SESSION['userID']) {
            
            if ($newowacc['name'] != $ownerid) {

                $settings->general->ownerid = $newow;

                # Save
                simplexml_object_save('settings.xml',$settings,null);
                $_SESSION['account_set_to_owner'] = true;
            }
        }
        
        else
        $_SESSION['account_cannot_set'] = true;
        
        header('Location:accmanage.php');
        exit;
    }



    # extensions
    include 'command.php'



?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Accounts</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="cmstyle.css">
<?php include 'csstheme.php' ?>
<script type="text/javascript">
/**
 * Asks for confirmation before an account is deleted.
 * Used as `onclick="return conf(this)"`: returning false cancels the link.
 * This is a convenience prompt only; the request itself is authorized server-side.
 */
function conf() {
    var confirmed = confirm('Delete this account?');
    return confirmed;
}
/**
 * Asks for confirmation before a user is made website owner.
 * Used as `onclick="return confs(this)"`: returning false cancels the link.
 * This is a convenience prompt only; the request itself is authorized server-side.
 */
function confs() {
    var confirmed = confirm('Make this user website owner?');
    return confirmed;
}
</script>
</head>
<body>
    <style>
        #accounts{<?php include 'cmcurrentpage.css' ?>}
    </style>
<?php


    # panel: pull in mypanel.php, then call action_confirm().
    # NOTE(review): action_confirm() is defined outside this file; presumably it shows
    # the confirmation messages for the $_SESSION flags set by the handlers above - confirm.
    include 'mypanel.php';
    action_confirm()



?>
    <div class="main">
        <h1>Accounts <a class="newpostbut" href="account.php" id="newaccount" title="Create a user account"><span class="addnew">+</span>&nbsp;Create a user account</a></h1>

        <div id="main-container">
            <div class="results savedusers">
                <div class="pbar pbaraccounts">
                    <span>User</span>
                    <span>Last seen</span>
                    <span>Type</span>
                </div>
        
        <?php


            $logfile = simplexml_object('log.xml','l',null);
            include 'dateform.php';

            $c=0;
            foreach($logfile->user as $user) {

                $name = $user->name;
                $rights = $user->rights;
                $login = $user->login; #formatted string
                $img = $user->urlicon != '' ? '../images/'.$user->urlicon : $user->icon;
                $userid = $user->userID;



                # Make owner
                if ($userid == (string)$xmls->ownerid || $rights != 'administrator' || $_SESSION['userID'] != (string)$xmls->ownerid)
                    $cto = '<span class="options-button option-off">Make owner</span>';
                else 
                    $cto = '<a href="accmanage.php?uto='.$userid.'" class="options-button" title="Make owner" onclick="return confs(this)">Make owner</a>';

                # Delete user
                if ($rights != 'administrator' || (string)$userid != (string)$ownerid) {
                    $delacc = '<a href="accmanage.php?userid='.$userid.'" class="options-button del-op-but" title="Delete account" onclick="return conf(this)">Delete</a>';
                    $ownericon = '';
                }

                else  {
                    $delacc = '<span href="#" class="options-button option-off" title="Owner account cannot be deleted">Delete</span>';
                    $ownericon = '<img class="ownericon" title="Owner" src="images/owner.gif">';
                }



                $ftime = ($login == 'none') ? '...' : date_form(strtotime($login));



                if ($user->status != 'del')

                    echo '<div class="savedfile">
                    <span class="account-username"><img src="'.$img.'">'.$name.'</span>
                    <div class="post-options">
                    <a href="account.php?userid='.$userid.'" title="Edit account" class="options-button">Edit account</a>
                    '.$delacc.PHP_EOL.$cto.'
                    </div>
                    <div class="last-login" title="last login">'.$ftime.'</div>
                    <div class="type" style="margin-right:40px">
                    <span>'.$rights.'</span>
                    </div>
                    '.$ownericon.'
                    </div>';

                $c++;
            }
        ?>
            </div>
        </div>
    </div>
    <?php
    
    
    
    # plugins
    include 'execute.php'    
        
        
    
    ?>
</body>
</html>