-<?php
-
-# Reset password from the commandline: echo -E "update admins set password="$(echo '<?php print(sha1("NEW_PASSWORD"));' | php)" where username='USERNAME';" | mysql DB_NAME_HERE
-
-define('ADMIN_ADMINS_DB_FIELDS', 'name,username,password,privs');
-
-
-require_once(DOCROOT . 'inc/wfpl/format.php');
-require_once(DOCROOT . 'inc/wfpl/email.php');
-
-function admin_admins_get_fields() {
- $data = array();
-
- $data['name'] = format_oneline(_REQUEST_cut('name'));
- $data['username'] = format_oneline(_REQUEST_cut('username'));
- $data['password'] = format_oneline(_REQUEST_cut('password'));
- if($data['password'] && strlen($data['password']) != 40) {
- $data['password'] = sha1($data['password']);
- }
- $data['privs'] = format_options(_REQUEST_cut('privs'), 'privs');
-
- return $data;
-}
-
-
-function admin_admins_main() {
- if(logged_in_as_admin()) {
- tem_set('admin_privs');
- } else {
- $_REQUEST['url'] = this_url();
- return 'admin_login';
- }
-
- $id = _REQUEST_cut('edit_id');
- if($id) {
- return admin_admins_main_form($id);
- }
-
- $id = _REQUEST_cut('admin_admins_delete_id');
- if($id) {
- return admin_admins_main_delete($id);
- }
-
- if(_REQUEST_cut('new')) {
- return admin_admins_main_form();
- }
-
- if(_REQUEST_cut('list')) {
- return admin_admins_main_listing();
- }
-
- if(isset($_POST['username'])) {
- return admin_admins_main_form();
- }
-
- # default action:
- return admin_admins_main_listing();
-}
-
-function admin_admins_main_delete($id) {
- db_delete('admins', 'where id=%i', $id);
- message('Account deleted.');
- return './admin_admins';
-}
-
-function admin_admins_main_listing() {
- $listing_rows = db_get_assocs('admins', 'id,name,username,privs', 'order by coalesce(nullif("",name),username)');
- tem_set('listings', $listing_rows);
-}
-
-function admin_admins_main_form($id = false) {
- pulldown('privs', array(
- array('', 'None'),
- array('admin', 'Admin')
- ));
-
- if($id) {
- # add hidden field for database id of row we're editing
- tem_set('id', $id);
- tem_set('editing');
- tem_set('edit_msg');
- } else {
- tem_set('new_msg');
- }
-
- if(isset($_POST['username'])) {
- $data = admin_admins_get_fields();
-
- if($data['username']) {
- if($id) {
- db_update_assoc('admins', $data, 'where id=%i', $id);
- message('Account updated.');
- } else {
- db_insert_assoc('admins', $data);
- message('Account saved.');
- }
- if($error !== true) {
- return './admin_admins';
- }
- } else {
- message('"username" is required. To disable an account without deleting it, make the password blank');
- }
- } elseif($id) {
- # we've recieved an edit id, but no data. So we grab the values to be edited from the database
- $data = db_get_assoc('admins', ADMIN_ADMINS_DB_FIELDS, 'where id=%i', $id);
- } else {
- # form not submitted, you can set default values:
- $data = array(
- 'password' => session_generate_key() # [a-zA-Z0-9]{16}
- );
- }
-
- tem_set('form', $data);
-}