"Tofu_Session", "auth" => "Tofu_Default_Auth", "perm" => "Tofu_Perm", "user" => "Tofu_User"));
// NOTE(review): the line above is the tail of a call whose start is not on this page
// (presumably the page_open() that pairs with page_close() at the bottom); it wires up the
// session ($sess), auth ($auth), permission ($perm) and user objects the rest of this file reads.
// NOTE(review): this copy of the file has had its HTML stripped and its lines collapsed; the
// echo/print strings below are reproduced exactly as found, and the markup they once carried is gone.
//$auth->login_if(! $perm->have_perm('user')); // login if not authenticated as a user

/*
 * add_user: insert a row into auth_user for $username/$password and return the new id.
 *
 * Returns the md5-based id string on success, or 0 when the caller lacks the 'admin'
 * permission, when username or password is empty, or when the username already exists.
 *
 * NOTE(review): $perm, $username, $password, $hash_secret, $perms and $tofu_id are read
 * here but never declared `global` or passed in, so inside this function they are undefined;
 * how this was meant to see them (an outer scope? register_globals?) is not visible -- confirm.
 * NOTE(review): $username and $password are interpolated unescaped into both SQL statements
 * (the duplicate check and the insert), and the password is stored as given, not hashed.
 */
function add_user() {
    $db = new DB_Tofu_Session;
    if (!$perm->have_perm("admin")) { // Do we have permission to do so?
        print "

You do not have permission to create users.

";
        return 0;
    }
    // Do we have all necessary data?
    if (empty($username) || empty($password)) {
        print "

Please fill out Username and Password!

";
        return 0;
    }
    // Does the user already exist?
    // NOTE: This should be a transaction, but it isn't
    // NOTE(review): $username goes straight into the WHERE clause with no escaping.
    $db->query("select * from auth_user where username='$username'");
    if ($db->nf()>0) {
        print "

User $username already exists!

";
        return 0;
    }
    // Create a uid and insert the user...
    // NOTE(review): md5(uniqid()) is time-derived, not a CSPRNG, so ids are guessable if that matters.
    $u_id=md5(uniqid($hash_secret));
    // NOTE(review): implode($array, $glue) is the legacy argument order (removed in PHP 8), and the
    // result is overwritten by the next line anyway -- only the literal 'user' is ever stored.
    $permlist = addslashes(implode($perms,","));
    $permlist = 'user';
    // NOTE(review): every value is interpolated directly; the password column receives plaintext.
    $query = "insert into auth_user values('$u_id','$username','$password','$permlist','$tofu_id')";
    $db->query($query);
    if ($db->affected_rows() == 0) {
        // NOTE(review): on failure this prints the whole INSERT, password included, to the page;
        // `break` outside a loop/switch is a compile error on current PHP -- `return 0` looks intended.
        print "

Failed: $query

";
        break;
    }
    return $u_id;
}

/*
 * edit: print the user edit form, pre-filled from $row (the array load() returns, or '' for a
 * blank form from the 'add' mode).
 *
 * Field order, going by the comments: name, login and password (admin only), email, url,
 * profile, phone, address, city, state, zip, country, ethnicity, relationship status, submit.
 * The field labels survive only in the single trailing echo at the end of the function.
 */
function edit($row) {
    echo "
\n";
    echo "\n";
    // name
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // login
    // note that when processing this form input we should disallow the login field if
    // the submitting user is not an admin. we don't yet check for that!
    if ($GLOBALS['perm']->have_perm('admin')) {
        echo "\n";
        echo " \n";
        echo " \n";
        echo "\n\n";
    }
    // NOTE(review): second admin-only block; presumably the password field, per the "Password (ADMIN)" label.
    if ($GLOBALS['perm']->have_perm('admin')) {
        echo "\n";
        echo " \n";
        echo " \n";
        echo "\n\n";
    }
    // email
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // url
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // profile
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // phone
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // address
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // city
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // state
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // zip
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // country
    echo "\n";
    echo " \n";
    /* echo " \n"; */
    echo " \n";
    echo "\n\n";
    // ethnicity
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // relationship status
    echo "\n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    // NOTE(review): this block appears twice verbatim; $date is assigned but not referenced in
    // anything that survives here (it was presumably interpolated into the stripped markup).
    if (empty($row['user_date_added']) ) {
        $date = date('Ymd');
        echo " \n";
    }
    if (empty($row['user_date_added']) ) {
        $date = date('Ymd');
        echo " \n";
    }
    // submit
    echo "\n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo " \n";
    echo "\n\n";
    echo "
Name: ?
Login (ADMIN):
Password (ADMIN):
Remember to change both DBs
Email: ?
URL:
Profile: ?
Phone: ?
Address: ?
City: ?
State: ?
Zip Code:
Country:
Favorite Food Type:
Relationship Status: ?
\n";
    echo "
\n";
}

/*
 * load: fetch one user row (columns aliased user_*, including user_password) for edit(),
 * or '' when $id is not numeric.
 *
 * NOTE(review): is_numeric() is the only guard before $id is interpolated into the SQL; it also
 * accepts forms such as "1e3" and leading whitespace, so an integer cast would be tighter.
 */
function load($id) {
    if (! is_numeric($id)) {
        return '';
    }
    $query ="select user.id as user_id, user.name as user_name, user.login as user_login, user.profile as user_profile, user.url as user_url, user.phone as user_phone, user.password as user_password, user.email as user_email, user.address as user_address, user.city as user_city, user.state as user_state, user.zip as user_zip, user.country as user_country, user.status_id as user_status_id, DATE_FORMAT( user.date_added, '%M %D, %Y') as user_date_added, user.favorite_ethnicity_id as user_favorite_ethnicity_id from user where user.id = $id";
    $res = run_query($query);
    return mysql_fetch_array($res);
}

/*
 * view: list users joined with their favourite ethnicity, as longView() blocks when
 * $view == 'long', otherwise as compactView() table rows. $id restricts the list to one
 * user; $sort replaces the default "order by name".
 *
 * NOTE(review): unlike load(), nothing validates $id or $sort before they are concatenated
 * into the SQL -- $sort lands verbatim in ORDER BY -- so caller-controlled values are SQL
 * injection. $res from run_query() is never read; rows come from the global $db_tofu,
 * which presumably run_query() populates -- confirm.
 */
function view($view, $id, $sort) {
    global $db_tofu;
    $query = "select user.id, user.name, user.login, user.address, user.city, user.state, user.country, user.zip, user.email, user.url, user.phone, user.profile, user.status_id, DATE_FORMAT( user.date_added, '%m/%d/%y') as date_added, user.favorite_ethnicity_id, ethnicity.name as ethnicity from user, ethnicity where user.favorite_ethnicity_id = ethnicity.id";
    if (! empty($id)) {
        $query .= "\n and user.id = $id ";
    }
    if ($sort) {
        $query .= "\n order by " . $sort;
    } else {
        $query .= "\n order by name\n";
    }
    $res = run_query($query);
    if ($view == 'long') {
        //while ($row = mysql_fetch_array($res)) {
        while ($db_tofu->next_record()) {
            longView($db_tofu->Record);
        }
    } else {
        echo "
\n";
        while ($db_tofu->next_record()) {
            compactView($db_tofu->Record);
        }
        echo "
";
    }
}

/*
 * longView: print one user's full profile block from a $row produced by view()'s query.
 *
 * The email (with '@' rewritten as "(at)") and the Edit link are shown only when the row is
 * the viewer's own (id == the session's tofu_id, a loose == test) or the viewer is an admin.
 * "Add Image" is printed when getImage() returned no name.
 *
 * NOTE(review): row values are echoed without htmlspecialchars(); if these columns hold
 * user-entered text (the edit form suggests they do), this is stored XSS -- confirm.
 * NOTE(review): $clean_city is computed but not used in what survives; $no_image is only
 * assigned in one branch. The commented-out "// echo $row['city'] ..." line was split across
 * lines by the stripping and the expression `$image_row[` near the end is truncated, so that
 * part of the function no longer parses; it is reproduced as found.
 */
function longView($row) {
    $image_row = getImage('user', $row['id']);
    if (empty($image_row['name'])) {
        $no_image = 1;
    }
    echo "
\n";
    echo "
\n";
    echo "\n

" . $row['name'] . "

\n";
    // need restricting views of email addr. need profile settings for this
    if (($row['id'] == $GLOBALS['auth']->auth['tofu_id']) || ($GLOBALS['perm']->have_perm('admin')) ) {
        echo "\n" . preg_replace("/@/", "(at)",$row['email']) . "
\n";
    }
    echo "\n" . $row['url'] . "
\n";
    $clean_city = strtolower($row['city']);
    $clean_city = preg_replace("/\s|\./", "", $clean_city);
    // city
    echo "" . $row['city'] . " ";
    // state
    echo ", " . $row['state'] . " " . $row['zip'] . "
";
    // country
    echo "" . $row['country'] . " ";
    // echo $row['city'] . ", " . $row['state'] . " " . $row['zip'] . "
\n" . $row['country'] . "

\n";
    echo "

Reviews: " . $row['login'] . "'s reviews
\n";
    echo "Favorite Food: {$row['ethnicity']}

\n";
    if (! empty($row['profile'])) {
        echo "

Profile:\n";
        echo $row['profile'] . "

\n";
    }
    echo "

Joined: " . $row['date_added'] . "

\n";
    if ($no_image) {
        echo "Add Image
";
    }
    if (($row['id'] == $GLOBALS['auth']->auth['tofu_id']) || ($GLOBALS['perm']->have_perm('admin')) ) {
        echo "
";
        echo "";
        echo " Edit\n";
    }
    echo "
";
    if (! empty($image_row['name'])) { echo "" . $image_row["; } else { echo " "; } echo "
\n";
}

/*
 * compactView: print one user as a table row. The header row (User, Email, City, State,
 * Country, Fav Type, Since, Edit) is emitted once per request via the static $count.
 *
 * Email and the Edit link are shown only to the row's owner or an admin (same loose == test
 * as longView()); other viewers get a blank cell.
 *
 * NOTE(review): as in longView(), values are echoed without htmlspecialchars().
 */
function compactView($row) {
    static $count;
    if ($count++ < 1) {
        echo "\n";
        echo " User\n";
        echo " Email\n";
        echo " City\n";
        echo " State\n";
        echo " Country\n";
        echo " Fav Type\n";
        echo " Since\n";
        echo " Edit\n";
        echo "\n";
    }
    echo "\n";
    echo " " . $row['login'] . " \n";
    // restricting views of email addr. need profile settings for this
    if (($row['id'] == $GLOBALS['auth']->auth['tofu_id']) || ($GLOBALS['perm']->have_perm('admin')) ) {
        echo " " . $row['email'] . " \n";
    } else {
        echo "  \n";
    }
    echo " " . $row['city'] . " \n";
    echo " " . $row['state'] . " \n";
    echo " " . $row['country'] . " \n";
    echo " " . $row['ethnicity'] . " \n";
    echo " " . $row['date_added'] . " \n";
    if (($row['id'] == $GLOBALS['auth']->auth['tofu_id']) || ($GLOBALS['perm']->have_perm('admin')) ) {
        echo "Edit\n";
    } else {
        echo " \n";
    }
    echo "\n";
}

/*
 * footer: print the navigation links under a listing -- "All" when a single $id is selected,
 * then Long / Compact, and "Add User" for admins.
 */
function footer() {
    if ($GLOBALS['id']) {
        echo "
All |\n";
    }
    echo "Long | ";
    echo "Compact\n";
    if ($GLOBALS['perm']->have_perm("admin")) {
        echo "| Add User
";
    }
}

//--------- main program
// NOTE(review): $mode, $submit, $id, $view, $sort and $user__id are read below but never
// assigned on this page; presumably they arrive as request parameters (register_globals
// era) -- confirm, since everything downstream (SQL in view(), the redirect) trusts them.
if (!isset($title)) {
    $title = 'Users';
}
include_once("lib.tofuguide.php3");
include_once("db.inc.php3");
$tables = parse_tables();
switch ($mode) {
    case 'edit':
        $auth->login_if(! $perm->have_perm('user'));
        if ($submit == 'Update') {
            // Only the profile owner or an admin may save (loose != on the id).
            if (($tables['user']['id'] != $auth->auth['tofu_id']) && (! $GLOBALS['perm']->have_perm('admin')) ) {
                include("header.inc.php3");
                echo "You don't have permission to do this!";
                // NOTE(review): debugging output -- discloses the submitted and session ids to the viewer.
                echo "tables user user_id is -> ". $tables['user']['id'];
                echo "
auth tofu_id is -> " . $auth->auth['tofu_id'];
                echo "
";
            } else {
                $auth->login_if(! $perm->have_perm('user'));
                $new_id = update($tables);
                // NOTE(review): $user__id / $new_id are placed unvalidated in the redirect query string.
                if (! empty($user__id)) {
                    header("Location: http://www.tofuguide.com" . $GLOBALS['SCRIPT_NAME'] . "?view=long&id=$user__id");
                } else {
                    header("Location: http://www.tofuguide.com" . $GLOBALS['SCRIPT_NAME'] . "?view=long&id=$new_id");
                }
            }
        } else {
            if (! empty($id)) {
                $title = "Edit User #" . $id . " - " . getName('user', $id);
            } else {
                $title = "Edit Profile";
            }
            include("header.inc.php3");
            // No explicit $id means "edit my own profile".
            if (! $id) {
                $id = $auth->auth['tofu_id'];
            }
            // NOTE(review): the owner/admin check only guards the Update branch above; here any
            // logged-in user can load another user's row (load() selects user.password too) into
            // the form by supplying $id -- confirm whether that is intended.
            edit(load($id));
        }
        break;
    case 'add':
        include("header.inc.php3");
        edit('');
        $add_user = 1;
        $sess->register("add_user");
        break;
    default:
        // NOTE(review): $name is only set when $id is non-empty; the title below reads it regardless.
        if (! empty($id)) {
            $name = getName('user', $id);
        }
        $title = "Users - " . $name;
        include("header.inc.php3");
        view($view,$id,$sort);
        break;
}
footer();
//--------- main program
include("footer.inc.php3");
page_close();
?>