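3 # Reset password from the commandline: echo -E "update admins set password="$(echo '<?php print(sha1("NEW_PASSWORD"));' | php)" where username='USERNAME';" | mysql DB_NAME_HERE
# NOTE(review): as written, the inner double quotes close the shell string, so the digest appears to reach mysql without SQL quotes around it; check the generated statement before relying on it.
# Typing the new password into this command leaves it in the shell history, and the value stored is an unsalted SHA-1 digest (the same scheme admin_admins_get_fields() uses).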
# Columns of the admins table that admin_admins_main_form() loads when editing a row.
# 'password' is in the list, so the stored digest is loaded into the form data as well.
5 define('ADMIN_ADMINS_DB_FIELDS', 'name,username,password,privs');
8 require_once(INC_WFPL . 'format.php');
9 require_once(INC_WFPL . 'email.php');
# Read the admin-account form fields from the request and normalise them.
# Fills $data['name'], $data['username'], $data['password'] and $data['privs'].
# The gutter numbers jump (11 -> 14, 18 -> 20, 20 -> 26): the lines that set up and
# return $data and close the braces are not part of this listing.
11 function admin_admins_get_fields() {
14 $data['name'] = format_oneline(_REQUEST_cut('name'));
15 $data['username'] = format_oneline(_REQUEST_cut('username'));
16 $data['password'] = format_oneline(_REQUEST_cut('password'));
# A non-empty value that is not exactly 40 bytes long is replaced by its SHA-1 hex digest.
# 40 is the length of a SHA-1 hex digest, so a 40-byte submission is stored unchanged:
#  - a real password that happens to be 40 characters long is stored in clear text;
#  - anyone allowed to submit this form can write a digest straight into the column.
# An empty value is stored empty (the form's error message describes a blank password
# as the way to disable an account).
17 if($data['password'] && strlen($data['password']) != 40) {
# NOTE(review): sha1() is unsalted and fast to brute-force. password_hash() with
# password_verify() is the standard replacement, but the login check (not in this
# listing) and the 40-byte test above would have to change with it.
18 $data['password'] = sha1($data['password']);
20 $data['privs'] = format_options(_REQUEST_cut('privs'), 'privs');
# Entry point of the admin-accounts page: picks the sub-handler from the request.
# Visible dispatch order: edit_id -> form, admin_admins_delete_id -> delete,
# new -> form, list -> listing, POSTed username -> form, otherwise the listing.
# Many gutter numbers are skipped (29, 31-33, 35, ...): the conditions guarding the
# edit and delete branches and all closing braces are not part of this listing.
26 function admin_admins_main() {
# NOTE(review): the only visible effect of the admin check is setting the
# 'admin_privs' template variable. Whether a caller who is not an admin is stopped
# before the branches below cannot be told from the lines shown -- confirm.
27 if(logged_in_as_admin()) {
28 tem_set('admin_privs');
30 $_REQUEST['url'] = this_url();
# Edit an existing account; the id comes from the request.
34 $id = _REQUEST_cut('edit_id');
36 return admin_admins_main_form($id);
# Delete an account; the id comes from the request.
# NOTE(review): no anti-CSRF token check is visible for this state-changing action.
# If _REQUEST_cut() also reads GET parameters (the name suggests $_REQUEST -- confirm),
# the delete should be restricted to POST and tied to a per-session token.
39 $id = _REQUEST_cut('admin_admins_delete_id');
41 return admin_admins_main_delete($id);
# Blank form for a new account.
44 if(_REQUEST_cut('new')) {
45 return admin_admins_main_form();
# Explicit request for the account list.
48 if(_REQUEST_cut('list')) {
49 return admin_admins_main_listing();
# A submitted form without an edit_id is handled as a new account.
52 if(isset($_POST['username'])) {
53 return admin_admins_main_form();
# Default view.
57 return admin_admins_main_listing();
# Remove one admin account and report where the browser should go next.
# $id is the database id of the admins row; it is bound to the %i placeholder.
# No permission check is made inside this function, and nothing here prevents
# removing the account that is currently logged in.
# Returns the relative URL of the admin accounts page.
function admin_admins_main_delete($id) {
    $row_filter = 'where id=%i';
    $accounts_page = './admin_admins';

    db_delete('admins', $row_filter, $id);
    message('Account deleted.');

    return $accounts_page;
}
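# Load every admin account for the listing view.
# Reads id, name, username and privs (the password column is not read here) and
# stores the rows in the 'listings' template variable.
function admin_admins_main_listing() {
    # Sort by display name, falling back to the username when the name is empty.
    # NULLIF(a, b) yields a unless a = b, so the column has to be the first
    # argument; with the arguments swapped the sort key was '' for every named row.
    $listing_rows = db_get_assocs('admins', 'id,name,username,privs', 'order by coalesce(nullif(name,""),username)');
    tem_set('listings', $listing_rows);
}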
# Show and process the create/edit form for one admin account.
# $id: database id of the row being edited, or false (the default) for a new account.
# After a successful save it returns './admin_admins'; otherwise the form data is
# stored in the 'form' template variable.
# Many gutter numbers are skipped: branch conditions, else lines and closing braces
# are not part of this listing.
# NOTE(review): no anti-CSRF token check is visible on the submit path.
71 function admin_admins_main_form($id = false) {
# Options for the 'privs' pulldown; only the 'admin' entry is visible here.
72 pulldown('privs', array(
74 array('admin', 'Admin')
78 # add hidden field for database id of row we're editing
# Form submitted: read and normalise the posted fields.
86 if(isset($_POST['username'])) {
87 $data = admin_admins_get_fields();
# A username is mandatory; everything else may be empty.
89 if($data['username']) {
# Existing row: update it. The test on line 90 is not shown -- presumably it checks $id.
91 db_update_assoc('admins', $data, 'where id=%i', $id);
92 message('Account updated.');
# New row: insert it.
94 db_insert_assoc('admins', $data);
95 message('Account saved.');
98 return './admin_admins';
# NOTE(review): a blank password is stored blank by admin_admins_get_fields().
# Confirm that the login code can never match an empty stored password.
101 message('"username" is required. To disable an account without deleting it, make the password blank');
104 # we've received an edit id, but no data. So we grab the values to be edited from the database
# NOTE(review): ADMIN_ADMINS_DB_FIELDS includes 'password', so the stored digest ends
# up in the form data set below. If the template prints it, the digest is exposed in
# the page, and resubmitting it unchanged passes the 40-byte test in
# admin_admins_get_fields() without being hashed again -- confirm against the template.
105 $data = db_get_assoc('admins', ADMIN_ADMINS_DB_FIELDS, 'where id=%i', $id);
107 # form not submitted, you can set default values:
# New accounts are pre-filled with a generated password.
# NOTE(review): whether session_generate_key() draws from a CSPRNG is not visible here.
109 'password' => session_generate_key() # [a-zA-Z0-9]{16}
113 tem_set('form', $data);