<?php
//
// +----------------------------------------------------------------------+
// |zen-cart Open Source E-commerce |
// +----------------------------------------------------------------------+
// | Copyright (c) 2006 The zen-cart developers |
// | |
// | http://www.zen-cart.com/index.php |
// | |
// | Portions Copyright (c) 2003 osCommerce |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the GPL license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available through the world-wide-web at the following url: |
// | http://www.zen-cart.com/license/2_0.txt. |
// | If you did not receive a copy of the zen-cart license and are unable |
// | to obtain it through the world-wide-web, please send a note to |
// | license@zen-cart.com so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// $Id: admin.php 4701 2006-10-08 01:09:44Z drbyte $
//
require('includes/application_top.php');
$action = (isset($_GET['action']) ?
$_GET['action'] : '');
if (zen_not_null($action)) {
switch ($action) {
// demo active test
case (zen_admin_demo()):
$action='';
$messageStack->add_session(ERROR_ADMIN_DEMO, 'caution');
zen_redirect(zen_href_link(FILENAME_ADMIN));
break;
//-------------------------------------------------------------------------------------------------------------------------
case 'insert':
case 'save':
case 'reset':
$error = false;
if ( ($action == 'insert') || ($action == 'reset') ){
$password_new = zen_db_prepare_input($_POST['password_new']);
$password_confirmation = zen_db_prepare_input($_POST['password_confirmation']);
if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH
) {
$error = true;
$messageStack->add(ENTRY_PASSWORD_NEW_ERROR, 'error');
}
if ($password_new != $password_confirmation) {
$error = true;
$messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
}
}
if ($error == false) {
if (isset($_GET['adminID'])) $admins_id = zen_db_prepare_input
($_GET['adminID']);
$admin_name = zen_db_prepare_input($_POST['admin_name']);
$admin_email = zen_db_prepare_input($_POST['admin_email']);
$password_new = zen_db_prepare_input($password_new);
$admin_level = zen_db_prepare_input($_POST['admin_level']);
$password_new = zen_db_prepare_input($password_new);
'admin_name' => $admin_name,
'admin_email' => $admin_email,
'admin_level' => (int)$admin_level
);
if ($action == 'insert') {
$insert_sql_data = array('admin_pass' => zen_encrypt_password
($password_new));
$sql_data_array = array_merge($sql_data_array, $insert_sql_data);
zen_db_perform(TABLE_ADMIN, $sql_data_array);
$new_admin_id = zen_db_insert_id();
$admins_id = $new_admin_id;
} elseif ($action == 'save') {
zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int)$admins_id . "'");
$db->Execute("UPDATE " . TABLE_CONFIGURATION . " set configuration_value='" . (int)$_POST['demo_status'] . "' where configuration_key='ADMIN_DEMO'");
} elseif ($action == 'reset') {
$update_sql_data = array('admin_pass' => zen_encrypt_password
($password_new));
$sql_data_array = array_merge($sql_data_array, $update_sql_data);
zen_db_perform(TABLE_ADMIN, $sql_data_array, 'update', "admin_id = '" . (int)$admins_id . "'");
} // end action check
zen_redirect
(zen_href_link
(FILENAME_ADMIN
, (isset($_GET['page']) ?
'page=' . $_GET['page'] . '&' : '') . 'adminID=' . $admins_id));
} // end error check
//echo $action;
// zen_redirect(zen_href_link(FILENAME_ADMIN, (isset($_GET['page']) ? 'page=' . '&' : '') . 'adminID=' . $admins_id));
break;
//-------------------------------------------------------------------------------------------------------------------------
case 'deleteconfirm':
$new_admin_id = zen_db_prepare_input($_GET['adminID']);
$db->Execute("delete from " . TABLE_ADMIN . " where admin_id = '" . (int)$new_admin_id . "'");
zen_redirect(zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page']));
break;
//-------------------------------------------------------------------------------------------------------------------------
} // end switch
} // end zen_not_null
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html
<?php echo HTML_PARAMS
; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=
<?php echo CHARSET
; ?>">
<title>
<?php echo TITLE
; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
<!--
function init()
{
cssjsmenu('navbar');
if (document.getElementById)
{
var kill = document.getElementById('hoverJS');
kill.disabled = true;
}
}
// -->
</script>
</head>
<body onLoad="init()">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<!-- body_text //-->
<td width="100%" valign="top">
<?php echo zen_draw_separator
('pixel_trans.gif', '1', '10'); ?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="pageHeading">
<?php echo HEADING_TITLE
; ?></td>
</tr>
</table>
<?php echo zen_draw_separator
('pixel_trans.gif', '1', '10'); ?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td valign="top">
<table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr class="dataTableHeadingRow">
<td width="10%" class="dataTableHeadingContent">
<?php echo TABLE_HEADING_ADMINS_ID
; ?></td>
<td width="35%" class="dataTableHeadingContent">
<?php echo TABLE_HEADING_ADMINS_NAME
; ?></td>
<td width="35%" class="dataTableHeadingContent">
<?php echo TABLE_HEADING_ADMINS_EMAIL
; ?></td>
<td width="20%" class="dataTableHeadingContent" align="right">
<?php echo TABLE_HEADING_ACTION
; ?> </td>
</tr>
<?php
$admins_query_raw = "select admin_id, admin_name, admin_email, admin_pass, admin_level from " . TABLE_ADMIN . " order by admin_name";
$admins_split = new splitPageResults($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS, $admins_query_raw, $admins_query_numrows);
$admins = $db->Execute($admins_query_raw);
while (!$admins->EOF) {
if ((!isset($_GET['adminID']) || (isset($_GET['adminID']) && ($_GET['adminID'] == $admins->fields['admin_id']))) && !isset($adminInfo) && (substr($action, 0, 3) != 'new')) {
$adminInfo = new objectInfo($admins->fields);
}
if (isset($adminInfo) && is_object($adminInfo) && ($admins->fields['admin_id'] == $adminInfo->admin_id)) {
echo '<tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . zen_href_link(FILENAME_ADMIN, 'page
=' . $_GET['page
'] . '&adminID
=' . $admins->fields['admin_id
'] . '&action
=edit
') . '\
'">' . "\n";
} else {
echo '<tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . zen_href_link(FILENAME_ADMIN, 'page
=' . $_GET['page
'] . '&adminID
=' . $admins->fields['admin_id
'] . '') . '\
'">' . "\n";
}
?>
<td class="dataTableContent">
<?php echo $admins->fields['admin_id']; ?></td>
<td class="dataTableContent">
<?php echo $admins->fields['admin_name']; ?></td>
<td class="dataTableContent">
<?php echo $admins->fields['admin_email']; ?></td>
<td class="dataTableContent" align="right">
<?php echo '<a href="' . zen_href_link
(FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $admins->fields['admin_id'] . '&action=edit') . '">' . zen_image
(DIR_WS_IMAGES
. 'icon_edit.gif', ICON_EDIT
) . '</a>'; ?>
<?php echo '<a href="' . zen_href_link
(FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $admins->fields['admin_id'] . '&action=delete') . '">' . zen_image
(DIR_WS_IMAGES
. 'icon_delete.gif', ICON_DELETE
) . '</a>'; ?>
<?php echo '<a href="' . zen_href_link
(FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $admins->fields['admin_id'] . '&action=resetpassword') . '">' . zen_image
(DIR_WS_IMAGES
. 'icon_reset.gif', ICON_RESET
) . '</a>'; ?>
</td>
</tr>
<?php
$admins->MoveNext();
}
?>
<tr>
<td colspan="2">
<table border="0" width="100%" cellspacing="0" cellpadding="4">
<tr>
<td class="smallText" valign="top">
<?php echo $admins_split->display_count($admins_query_numrows, MAX_DISPLAY_SEARCH_RESULTS
, $_GET['page'], TEXT_DISPLAY_NUMBER_OF_ADMINS
); ?></td>
<td class="smallText" align="right">
<?php echo $admins_split->display_links($admins_query_numrows, MAX_DISPLAY_SEARCH_RESULTS
, MAX_DISPLAY_PAGE_LINKS
, $_GET['page']); ?></td>
</tr>
</table>
</td>
</tr>
<?php
?>
<tr>
<td align="right" colspan="4" class="smallText">
<?php
echo '<a href="' . zen_href_link
(FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=new') . '">' . zen_image_button
('button_insert.gif', IMAGE_INSERT
) . '</a>';
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
<?php
switch ($action) {
//-------------------------------------------------------------------------------------------------------------------------
case 'new':
$heading[] = array('text' => '<b>' . TEXT_HEADING_NEW_ADMIN
. '</b>');
$contents = array('form' => zen_draw_form
('new_admin', FILENAME_ADMIN
, 'action=insert', 'post', 'enctype="multipart/form-data"'));
$contents[] = array('text' => TEXT_NEW_INTRO
);
$contents[] = array('text' => '<br>' . TEXT_ADMINS_NAME
. '<br>' . zen_draw_input_field
('admin_name', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_name', $max=30)) );
$contents[] = array('text' => '<br>' . TEXT_ADMINS_EMAIL
. '<br>' . zen_draw_input_field
('admin_email', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_email', $max=30)) );
$contents[] = array('text' => '<br>' . TEXT_ADMINS_PASSWORD
. '<br>' . zen_draw_password_field
('password_new', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_pass', $max=20)) );
$contents[] = array('text' => '<br>' . TEXT_ADMINS_CONFIRM_PASSWORD
. '<br>' . zen_draw_password_field
('password_confirmation', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_pass', $max=20)) );
$contents[] = array('text' => zen_draw_hidden_field
('admin_level', '1') );
$contents[] = array('align' => 'center',
'text' => '<br>' . zen_image_submit('button_save.gif', IMAGE_SAVE) . '<a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $_GET['adminID']) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
break;
//-------------------------------------------------------------------------------------------------------------------------
case 'edit':
$heading[] = array('text' => '<b>' . TEXT_HEADING_EDIT_ADMIN
. '</b>');
$contents = array('form' => zen_draw_form
('edit_admin', FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=save', 'post', 'enctype="multipart/form-data"'));
$contents[] = array('text' => TEXT_EDIT_INTRO
);
$contents[] = array('text' => '<br><b>' . $adminInfo->admin_id . '</b> - ' . $adminInfo->admin_name . '</b>');
$contents[] = array('text' => '<br>' . TEXT_ADMINS_NAME
. '<br>' . zen_draw_input_field
('admin_name', $adminInfo->admin_name, zen_set_field_length
(TABLE_ADMIN
, 'admin_name', $max=30)) );
$contents[] = array('text' => '<br>' . TEXT_ADMINS_EMAIL
. '<br>' . zen_draw_input_field
('admin_email', $adminInfo->admin_email, zen_set_field_length
(TABLE_ADMIN
, 'admin_email', $max=30)) );
$admin_current = $db->Execute("select admin_level from " . TABLE_ADMIN . " where admin_id='" . $_SESSION['admin_id'] . "'");
/*
if ($admin_current->fields['admin_level'] == '1') {
$contents[] = array('text' => '<br>' . TEXT_ADMIN_LEVEL_INSTRUCTIONS);
$contents[] = array(
'text' => '<strong>' . TEXT_ADMINS_LEVEL . '</strong><br>' . zen_draw_input_field('admin_level', $adminInfo->admin_level, zen_set_field_length(TABLE_ADMIN, 'admin_level'))
);
*/
$demo_status= zen_get_configuration_key_value('ADMIN_DEMO');
switch ($demo_status) {
case '0': $on_status = false; $off_status = true; break;
case '1': $on_status = true; $off_status = false; break;
default: $on_status = false; $off_status = true; break;
}
if ($on_status == true) {
$contents[] = array('text' => '<br>' . TEXT_ADMIN_DEMO
);
$contents[] = array('text' => '<strong>' . TEXT_DEMO_STATUS
. '</strong><br>' . zen_draw_radio_field
('demo_status', '1', $on_status) . ' ' . TEXT_DEMO_ON
. ' ' . zen_draw_radio_field
('demo_status', '0', $off_status) . ' ' . TEXT_DEMO_OFF
);
} else {
$contents[] = array('text' => zen_draw_hidden_field
('demo_status', 0) );
}
$contents[] = array('align' => 'center',
'text' => '<br>' . zen_image_submit('button_save.gif', IMAGE_SAVE) . '<a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
break;
//-------------------------------------------------------------------------------------------------------------------------
case 'resetpassword':
$heading[] = array('text' => '<b>' . TEXT_HEADING_RESET_PASSWORD
. '</b>');
$contents = array('form' => zen_draw_form
('reset_password', FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=reset',
'post', 'enctype="multipart/form-data"') . zen_draw_hidden_field('admin_name', $adminInfo->admin_name) . zen_draw_hidden_field('admin_email', $adminInfo->admin_email) . zen_draw_hidden_field('admin_level', $adminInfo->admin_level));
$contents[] = array('text' => TEXT_EDIT_INTRO
);
$contents[] = array('text' => '<br><b>' . $adminInfo->admin_id . '</b> - ' . $adminInfo->admin_name . '</b>');
$contents[] = array('text' => '<br>' . TEXT_ADMINS_PASSWORD
. '<br>' . zen_draw_password_field
('password_new', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_pass', $max=25)) );
$contents[] = array('text' => '<br>' . TEXT_ADMINS_CONFIRM_PASSWORD
. '<br>' . zen_draw_password_field
('password_confirmation', '', zen_set_field_length
(TABLE_ADMIN
, 'admin_pass', $max=25)) );
$contents[] = array('align' => 'center',
'text' => '<br>' . zen_image_submit('button_save.gif', IMAGE_SAVE) . '<a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
break;
//-------------------------------------------------------------------------------------------------------------------------
case 'delete':
$heading[] = array('text' => '<b>' . TEXT_HEADING_DELETE_ADMIN
. '</b>');
$contents = array('form' => zen_draw_form
('delete_admin', FILENAME_ADMIN
, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=deleteconfirm'));
$contents[] = array('text' => TEXT_DELETE_INTRO
);
$contents[] = array('text' => '<br><b>' . $adminInfo->admin_name . '</b>');
$contents[] = array('align' => 'center',
'text' => '<br>' . zen_image_submit('button_delete.gif', IMAGE_DELETE) . '<a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id) . '">' . zen_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
break;
//-------------------------------------------------------------------------------------------------------------------------
default:
//-------------------------------------------------------------------------------------------------------------------------
$heading[] = array('text' => '<b>' . $adminInfo->admin_name . '</b>');
$contents[] = array('align' => 'center',
'text' => '<a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=edit') . '">' . zen_image_button('button_edit.gif', IMAGE_EDIT) . '</a><a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=resetpassword') . '">' . zen_image_button('button_reset_pwd.gif', IMAGE_RESET) . '</a><a href="' . zen_href_link(FILENAME_ADMIN, 'page=' . $_GET['page'] . '&adminID=' . $adminInfo->admin_id . '&action=delete') . '">' . zen_image_button('button_delete.gif', IMAGE_DELETE) . '</a>');
}
break;
//-------------------------------------------------------------------------------------------------------------------------
} // end switch action
if ( (zen_not_null($heading)) && (zen_not_null($contents)) ) {
echo '<td width="25%" valign="top">' . "\n";
$box = new box;
echo $box->infoBox($heading, $contents);
}
?>
</tr>
</table>
</td>
<!-- body_text_eof //-->
</tr>
</table>
<!-- body_eof //-->
<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>