remove obsolete type="text/javascript" from script tags

[wfpl-cms.git] / admin_admins.php

<?php

# Reset password from the commandline: echo -E "update admins set password="$(echo '<?php print(sha1("NEW_PASSWORD"));' | php)" where username='USERNAME';" | mysql DB_NAME_HERE

define('ADMIN_ADMINS_DB_FIELDS', 'name,username,password,privs');


require_once(INC_WFPL . 'format.php');
require_once(INC_WFPL . 'email.php');

function admin_admins_get_fields() {
        $data = array();

        $data['name'] = format_oneline(_REQUEST_cut('name'));
        $data['username'] = format_oneline(_REQUEST_cut('username'));
        $data['password'] = format_oneline(_REQUEST_cut('password'));
        if($data['password'] && strlen($data['password']) != 40) {
                $data['password'] = sha1($data['password']);
        }
        $data['privs'] = format_options(_REQUEST_cut('privs'), 'privs');

        return $data;
}


function admin_admins_main() {
        if(logged_in_as_admin()) {
                tem_set('admin_privs');
        } else {
                $_REQUEST['url'] = this_url();
                return 'admin_login';
        }

        $id = _REQUEST_cut('edit_id');
        if($id) {
                return admin_admins_main_form($id);
        }

        $id = _REQUEST_cut('admin_admins_delete_id');
        if($id) {
                return admin_admins_main_delete($id);
        }

        if(_REQUEST_cut('new')) {
                return admin_admins_main_form();
        }

        if(_REQUEST_cut('list')) {
                return admin_admins_main_listing();
        }

        if(isset($_POST['username'])) {
                return admin_admins_main_form();
        }

        # default action:
        return admin_admins_main_listing();
}

function admin_admins_main_delete($id) {
        db_delete('admins', 'where id=%i', $id);
        message('Account deleted.');
        return './admin_admins';
}

function admin_admins_main_listing() {
        $listing_rows = db_get_assocs('admins', 'id,name,username,privs', 'order by coalesce(nullif("",name),username)');
        tem_set('listings', $listing_rows);
}

function admin_admins_main_form($id = false) {
        pulldown('privs', array(
                array('', 'None'),
                array('admin', 'Admin')
        ));

        if($id) {
                # add hidden field for database id of row we're editing
                tem_set('id', $id);
                tem_set('editing');
                tem_set('edit_msg');
        } else {
                tem_set('new_msg');
        }

        if(isset($_POST['username'])) {
                $data = admin_admins_get_fields();

                if($data['username']) {
                        if($id) {
                                db_update_assoc('admins', $data, 'where id=%i', $id);
                                message('Account updated.');
                        } else {
                                db_insert_assoc('admins', $data);
                                message('Account saved.');
                        }
                        if($error !== true) {
                                return './admin_admins';
                        }
                } else {
                        message('"username" is required. To disable an account without deleting it, make the password blank');
                }
        } elseif($id) {
                # we've recieved an edit id, but no data. So we grab the values to be edited from the database
                $data = db_get_assoc('admins', ADMIN_ADMINS_DB_FIELDS, 'where id=%i', $id);
        } else {
                # form not submitted, you can set default values:
                $data = array(
                        'password' => session_generate_key() # [a-zA-Z0-9]{16}
                );
        }

        tem_set('form', $data);
}