+<?php
+
+# Reset password from the commandline: echo -E "update admins set password="$(echo '<?php print(sha1("NEW_PASSWORD"));' | php)" where username='USERNAME';" | mysql DB_NAME_HERE
+
+define('ADMIN_ADMINS_DB_FIELDS', 'name,username,password,privs');
+
+
+require_once('code/wfpl/format.php');
+require_once('code/wfpl/email.php');
+
+function admin_admins_get_fields() {
+ $data = array();
+
+ $data['name'] = format_oneline(_REQUEST_cut('name'));
+ $data['username'] = format_oneline(_REQUEST_cut('username'));
+ $data['password'] = format_oneline(_REQUEST_cut('password'));
+ if($data['password'] && strlen($data['password']) != 40) {
+ $data['password'] = sha1($data['password']);
+ }
+ $data['privs'] = format_options(_REQUEST_cut('privs'), 'privs');
+
+ return $data;
+}
+
+
+function admin_admins_main() {
+ if(logged_in_as_admin()) {
+ tem_set('admin_privs');
+ } else {
+ $_REQUEST['url'] = this_url();
+ return 'admin_login';
+ }
+
+ $id = _REQUEST_cut('edit_id');
+ if($id) {
+ return admin_admins_main_form($id);
+ }
+
+ $id = _REQUEST_cut('admin_admins_delete_id');
+ if($id) {
+ return admin_admins_main_delete($id);
+ }
+
+ if(_REQUEST_cut('new')) {
+ return admin_admins_main_form();
+ }
+
+ if(_REQUEST_cut('list')) {
+ return admin_admins_main_listing();
+ }
+
+ if(isset($_POST['username'])) {
+ return admin_admins_main_form();
+ }
+
+ # default action:
+ return admin_admins_main_listing();
+}
+
+function admin_admins_main_delete($id) {
+ db_delete('admins', 'where id=%i', $id);
+ message('Account deleted.');
+ return './admin_admins';
+}
+
+function admin_admins_main_listing() {
+ $listing_rows = db_get_assocs('admins', 'id,name,username,privs', 'order by coalesce(nullif("",name),username)');
+ tem_set('listings', $listing_rows);
+}
+
+function admin_admins_main_form($id = false) {
+ pulldown('privs', array(
+ array('', 'None'),
+ array('admin', 'Admin')
+ ));
+
+ if($id) {
+ # add hidden field for database id of row we're editing
+ tem_set('id', $id);
+ tem_set('editing');
+ tem_set('edit_msg');
+ } else {
+ tem_set('new_msg');
+ }
+
+ if(isset($_POST['username'])) {
+ $data = admin_admins_get_fields();
+
+ if($data['username']) {
+ if($id) {
+ db_update_assoc('admins', $data, 'where id=%i', $id);
+ message('Account updated.');
+ } else {
+ db_insert_assoc('admins', $data);
+ message('Account saved.');
+ }
+ if($error !== true) {
+ return './admin_admins';
+ }
+ } else {
+ message('"username" is required. To disable an account without deleting it, make the password blank');
+ }
+ } elseif($id) {
+ # we've recieved an edit id, but no data. So we grab the values to be edited from the database
+ $data = db_get_assoc('admins', ADMIN_ADMINS_DB_FIELDS, 'where id=%i', $id);
+ } else {
+ # form not submitted, you can set default values:
+ $data = array(
+ 'password' => session_generate_key() # [a-zA-Z0-9]{16}
+ );
+ }
+
+ tem_set('form', $data);
+}
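Review bot: In admin_admins_get_fields() the password is stored as an unsalted SHA-1 digest, and the `strlen($data['password']) != 40` test means any 40-character submission is written to the `password` column verbatim instead of being hashed. That test appears to exist because the edit branch of admin_admins_main_form() loads `password` from the database through ADMIN_ADMINS_DB_FIELDS and passes it to `tem_set('form', $data)`, so the stored hash is presumably rendered back to the browser and resubmitted. I would hash with `$data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);`, stop loading `password` into the edit form, and write the column on update only when the admin explicitly changes or blanks it, so that a blank password keeps its "account disabled" meaning. The login check is not in this hunk and would then need `password_verify()`, and the reset one-liner in the header comment would need the same change. Separately, `$error` in `if($error !== true)` is never assigned in admin_admins_main_form(), so the redirect is taken whether or not db_update_assoc() or db_insert_assoc() succeeded.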