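if (!defined('GCMS')) {
    die('access denied');
}

// Loading user class
require_once('user.class.php');
$user = new user_class($db);

// Module control: the task picks the switch branch below; an unknown task falls back to the listing
$task = (!empty($_GET['task'])) ? $_GET['task'] : 'user';

// Module vars
$smarty->assign('module_id', 'user');
$smarty->assign('module_title', $l['users']);

// Module directory
define('MODULE_DIR', 'module/backend/user/');

// Module menu
$module_menu = array(
    array('task' => 'user', 'menu_link' => 'admin.php?module=user', 'menu_title' => $l['users']),
    array('task' => 'add-user', 'menu_link' => 'admin.php?module=user&task=add-user', 'menu_title' => $l['add_new_user']),
);
// Removing current page from module menu
$module_menu = $framework->remove_from_array_by_value($module_menu, $task, 'task');
$smarty->assign('module_menu', $module_menu);

// The record id is validated once for every task. ctype_digit() rejects signs, whitespace,
// decimals and exponents that is_numeric() accepts, so the int cast is lossless, and only the
// cast value is ever echoed into a redirect URL or passed to the user class.
$user_id = null;
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']) && (int) $_GET['id'] > 0) {
    $user_id = (int) $_GET['id'];
}

switch ($task) {
    // Used to display users (also the fallback for an unknown task)
    case 'user':
    default:
        // Module template ('base_cotent_tpl' is the key the templates read; spelling kept)
        $smarty->assign('base_cotent_tpl', MODULE_DIR.'template/admin.user.map.tpl');
        // Loading info about all users; the statement carries no user input
        $result = $db->query("SELECT `user_id`, `user_fullname` FROM `gcms_user` ORDER BY `user_id` DESC;");
        $smarty->assign('user', $result->fetchAll());
        break;

    // Used to delete user
    // NOTE(review): deletion is triggered by a plain GET link. Nothing on this page shows a
    // CSRF-token helper in $framework, so moving this to a POST form carrying a token is a
    // follow-up rather than something done here.
    case 'delete-user':
        if ($user_id === null) {
            // A missing id used to fall through silently; it is now reported like a malformed one
            $framework->redirect('admin.php?module=user', $l['id_not_given_or_misunderstood'], 'error');
        } elseif (!$user->check_if_value_exists('user_id', $user_id)) {
            $framework->redirect('admin.php?module=user', $l['user_not_found'], 'error');
        } else {
            $user->delete_user($user_id);
            $framework->redirect('admin.php?module=user', $l['user_successfully_removed'], 'message');
        }
        break;

    // Used to add user
    case 'add-user':
        // Module subtitle
        $smarty->assign('module_subtitle', $l['add_new_user']);
        // Module template
        $smarty->assign('base_cotent_tpl', MODULE_DIR.'template/admin.user.form.tpl');
        // Handling add user form
        if (!empty($_POST)) {
            $form_url = 'admin.php?module=user&task=add-user';
            if (empty($_POST['user_fullname']) || empty($_POST['user_username']) || empty($_POST['user_password']) || empty($_POST['user_password_confirm'])) {
                $framework->redirect($form_url, $l['red_star_marked_fields_are_required'], 'error');
            } elseif ($user->check_if_value_exists('user_username', $_POST['user_username'])) {
                $framework->redirect($form_url, $l['username_already_taken'], 'error');
            } elseif ($_POST['user_password'] !== $_POST['user_password_confirm']) {
                // Strict comparison: with != two numeric-looking strings compare as numbers ('1e1' == '10')
                $framework->redirect($form_url, $l['passwords_do_not_match'], 'error');
            } else {
                // user_note is optional; avoid an undefined-index notice when the field is absent
                $user_note = isset($_POST['user_note']) ? $_POST['user_note'] : '';
                // Creating new user
                $new_user_id = $user->create_new_user($_POST['user_username'], $_POST['user_fullname'], $auth->secure($_POST['user_password']), $user_note);
                $framework->redirect('admin.php?module=user&task=edit-user&id='.$new_user_id, $l['user_successfully_created'], 'message');
            }
        }
        // Loading empty values to prevent errors
        $smarty->assign('user', NULL);
        break;

    // Used to edit users
    case 'edit-user':
        // Module subtitle
        $smarty->assign('module_subtitle', $l['edit_user']);
        // Module template
        $smarty->assign('base_cotent_tpl', MODULE_DIR.'template/admin.user.form.tpl');
        // The break after each redirect guarantees nothing below runs even if redirect() returns
        if ($user_id === null) {
            $framework->redirect('admin.php?module=user', $l['id_not_given_or_misunderstood'], 'error');
            break;
        }
        if (!$user->check_if_value_exists('user_id', $user_id)) {
            $framework->redirect('admin.php?module=user', $l['user_not_found'], 'error');
            break;
        }
        // Loading info about user
        $user_result = $user->get_user($user_id, array('user_id', 'user_username', 'user_email', 'user_fullname', 'user_note'));
        $smarty->assign('user', $user_result);

        // Handling user update form: every check runs first, then a single write
        if (!empty($_POST)) {
            // Redirect to a fixed URL instead of $_SERVER['HTTP_REFERER'], which is
            // client-supplied and may be absent altogether
            $form_url = 'admin.php?module=user&task=edit-user&id='.$user_id;
            $user_note = isset($_POST['user_note']) ? $_POST['user_note'] : '';
            $updates = array();
            $error = null;

            // Checking if there aren't any required fields left empty
            if (empty($_POST['user_id']) || empty($_POST['user_username']) || empty($_POST['user_fullname'])) {
                $error = $l['red_star_marked_fields_are_required'];
            } elseif ((string) $_POST['user_id'] !== (string) $user_id) {
                // The record written must be the one loaded and checked above, not whatever id the form carries
                $error = $l['id_not_given_or_misunderstood'];
            }

            // Handling users password update: current password plus a confirmed new one
            if ($error === null && !empty($_POST['user_password'])) {
                if (!$user->check_users_password($user_id, $auth->secure($_POST['user_password']))) {
                    $error = $l['wrong_password'];
                } elseif (empty($_POST['user_new_password']) || empty($_POST['user_new_password_confirm'])) {
                    $error = $l['new_password_not_entered'];
                } elseif ($_POST['user_new_password'] !== $_POST['user_new_password_confirm']) {
                    $error = $l['new_passwords_do_not_match'];
                } else {
                    $updates['user_password'] = $auth->secure($_POST['user_new_password']);
                }
            }

            // Handling users email update
            if ($error === null && !empty($_POST['user_email'])) {
                if (!$user->check_email_address($_POST['user_email'])) {
                    $error = $l['wrong_email_format'];
                } else {
                    $updates['user_email'] = $_POST['user_email'];
                }
            }

            // Handling username update: a collision only matters when the name actually changes
            if ($error === null && $_POST['user_username'] !== $user_result['user_username']) {
                if ($user->check_if_value_exists('user_username', $_POST['user_username'])) {
                    $error = $l['username_already_taken'];
                } else {
                    $updates['user_username'] = $_POST['user_username'];
                }
            }

            if ($error !== null) {
                $framework->redirect($form_url, $error, 'error');
                break;
            }

            // Updating misc user information together with the validated fields above, so a
            // rejected field never leaves behind a partial update
            $updates['user_fullname'] = $_POST['user_fullname'];
            $updates['user_note'] = $user_note;
            $user->update_user($user_id, $updates);
            $framework->redirect($form_url, $l['user_information_successfully_updated'], 'message');
        }
        break;
}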
I believe I still do many irrational things and, like everyone else, I would like to reduce that as much as possible. So basically I am asking for tips and tricks that I can use in my coding, for example here, since these are the most common tasks to handle.
Any tips and tricks are welcome.