<?php
// Load the access check that ships in the same directory before anything else runs.
require_once __DIR__.'/accesscheck.php';

// Initial value of the search suffix: the request value cast to a string when
// present, otherwise the empty string.
$remember_find = isset($_GET['remember_find']) ? (string) $_GET['remember_find'] : '';
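// True when logins are required and the active authentication object is not the
// built-in phpListAdminAuthentication class; that case is handled as a read-only
// listing further down.
$external = $require_login && !is_a($GLOBALS['admin_auth'], 'phpListAdminAuthentication');

// Paging offset and list id are normalised to decimal-integer strings, so they can
// be embedded in URLs, the hidden form field and the LIMIT clause without carrying
// markup or SQL.
$start = isset($_GET['start']) ? sprintf('%d', $_GET['start']) : 0;
$listid = isset($_GET['id']) ? sprintf('%d', $_GET['id']) : 0;

// The search term is request data. Accept it only when it is a string: an array
// value (find[]=...) would otherwise reach urlencode(), htmlentities() and the SQL
// builders below, all of which expect a string.
$find = isset($_REQUEST['find']) && is_string($_REQUEST['find']) ? $_REQUEST['find'] : '';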
// Query-string fragment that carries the active search term onto the links built
// below. empty() also treats the string '0' as "no search term".
$remember_find = empty($find) ? '' : '&find='.urlencode($find);
// Admins that come from an external authentication source are shown read-only:
// their names are listed and the script returns before any of the delete, add or
// search handling below is reached.
if ($external) {
    $admins = $GLOBALS['admin_auth']->listAdmins();
    $found = $total = count($admins);

    $ls = new WebblerListing(s('Administrators'));
    // NOTE(review): the name is handed to the listing exactly as listAdmins() returns
    // it, while the database-backed listing later in this file applies htmlentities()
    // first. Confirm whether the external source can return markup.
    foreach ($admins as $adminid => $adminname) {
        $ls->addElement($adminname);
    }
    echo $ls->display();

    return;
}
// Action buttons above the listing: bulk import, and "add", whose URL keeps the
// current paging offset and search term.
echo '<div class="button">'
    .PageLink2('importadmin', s('Import list of admins'))
    .'</div>';
echo '<div class="pull-right fright">'
    .PageLinkActionButton('admin', s('Add new admin'), 'start='.$start.$remember_find)
    .'</div><div class="clearfix"></div>';
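// Handle a delete request (?delete=<admin id>).
// NOTE(review): this destructive action is driven by a GET parameter and no
// anti-CSRF token check is visible in this file. Confirm the request token is
// verified before this point is reached.
//
// The id is validated once as a positive integer and only that copy is used below.
// Array input (delete[]=...) and values such as "12abc" are rejected here instead of
// being coerced to a number by %d.
$deleteId = isset($_GET['delete'])
    ? filter_var($_GET['delete'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
    : false;

if ($deleteId !== false) {
    if ($deleteId === (int) $_SESSION['logindetails']['id']) {
        echo s('You cannot delete yourself')."\n";
    } elseif (empty($_SESSION['logindetails']['superuser'])) {
        // The listing only offers the delete link to super admins; enforce the same
        // rule on the action itself, because a hidden link is not an access control.
        echo s('Only super admins can delete administrators')."\n";
    } else {
        echo s('Deleting')." $deleteId ..\n";
        // Remove the account row, then its attribute and task rows.
        Sql_query(sprintf('delete from %s where id = %d', $GLOBALS['tables']['admin'], $deleteId));
        Sql_query(sprintf('delete from %s where adminid = %d', $GLOBALS['tables']['admin_attribute'], $deleteId));
        Sql_query(sprintf('delete from %s where adminid = %d', $GLOBALS['tables']['admin_task'], $deleteId));
        echo '..'.s('Done')."<br /><hr><br />\n";
        Redirect("admins&start=$start");
    }
}

// Send out and close the active output buffer before the listing is rendered.
ob_end_flush();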
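// Legacy "add" path. $add, $new and $id are not assigned anywhere in this file, so
// this branch only runs when the including scope defines them.
// NOTE(review): this looks like a register_globals-era leftover. Confirm it is still
// reachable before relying on it.
if (isset($add)) {
    if (isset($new)) {
        // Never interpolate the raw values into the statement: the address is escaped
        // for the quoted SQL literal and both ids are forced to integers by %d.
        $query = sprintf(
            'insert into %s (email,entered) values("%s",now())',
            $tables['admin'],
            sql_escape($new)
        );
        $result = Sql_query($query);
        $userid = Sql_insert_id();
        $query = sprintf(
            'insert into %s (userid,listid,entered) values(%d,%d,now())',
            $tables['listuser'],
            $userid,
            isset($id) ? $id : 0
        );
        $result = Sql_query($query);
    }
    echo '<br/>'.s('Admin added').'<br/>';
}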
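// Count the administrators, restricted to the search term when one is given.
// The term comes from the request, so it is passed through sql_escape() before it is
// placed inside the quoted LIKE patterns, the same way the listing query below
// does; interpolating it raw would let the request alter the statement.
if (!$find) {
    $result = Sql_query('SELECT count(*) FROM '.$tables['admin']);
} else {
    $result = Sql_query('SELECT count(*) FROM '.$tables['admin'].' where loginname like "%'.sql_escape($find).'%" or email like "%'.sql_escape($find).'%"');
}
$totalres = Sql_fetch_Row($result);
$total = $totalres[0];

// Summary line: "<n> Administrators", followed by "found" when a search is active.
echo '<p class="info">'.$total.' '.s('Administrators');
echo $find ? ' '.s('found').'</p>' : '</p>';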
// Paging controls and the LIMIT clause are only needed when the result set is larger
// than one page (MAX_USER_PP rows).
$paging = '';
$limit = '';

if ($total > MAX_USER_PP) {
    $limit = "limit $start,".MAX_USER_PP;
    $paging = simplePaging("admins$remember_find", $start, $total, MAX_USER_PP, s('Administrators'));
}

// Fetch the rows for the listing. With a search term the same escaped value is used
// in both LIKE patterns.
$adminSelect = 'SELECT id,loginname,email, superuser, disabled FROM '.$tables['admin'];
if (!$find) {
    $result = Sql_query($adminSelect." order by loginname $limit");
} else {
    $escapedFind = sql_escape($find);
    $result = Sql_query($adminSelect.' where loginname like "%'.$escapedFind.'%" or email like "%'.$escapedFind."%\" order by loginname $limit");
}
// Search form with an empty action. The list id is re-sent as a hidden field and the
// current search term is HTML-encoded before it is echoed back into the text box.
?>
<table>
    <tr>
        <td colspan=4><?= formStart('action=""') ?><input type="hidden" name="id" value="<?= $listid ?>">
            <?= s('Find an admin') ?>: <input type=text name="find"
                                                                         value="<?= htmlentities($find) ?>"
                                                                         size="40"><input type="submit"
                                                                                          value="<?= s('Go') ?>">
            </form></td>
    </tr>
</table>
<?php
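// Render one listing row per administrator returned by the query above.
$ls = new WebblerListing(s('Administrators'));
$ls->usePanel($paging);
$ls->setElementHeading('Login name');
while ($admin = Sql_fetch_array($result)) {
    // Login name and e-mail are stored values and are HTML-encoded before display.
    // NOTE(review): addElement() receives the encoded login name while addColumn() is
    // keyed with the raw one. Confirm how WebblerListing matches and prints that key.
    $ls->addElement(htmlentities($admin['loginname']),
        PageUrl2('admin', s('Show'), "start=$start&amp;id=".$admin['id'].$remember_find));
    $ls->addColumn($admin['loginname'], s('Id'), $admin['id']);
    $ls->addColumn($admin['loginname'], s('email'), htmlspecialchars($admin['email']));
    $ls->addColumn($admin['loginname'], s('Super Admin'), $admin['superuser'] ? s('Yes') : s('No'));
    $ls->addColumn($admin['loginname'], s('Disabled'), $admin['disabled'] ? s('Yes') : s('No'));

    // Only super admins get a delete link, and never for their own account.
    if ($_SESSION['logindetails']['superuser'] && $admin['id'] != $_SESSION['logindetails']['id']) {
        // The translated label is passed as an argument rather than spliced into the
        // format string, so a '%' in a translation cannot corrupt the generated link.
        // The link is built only for rows that actually show it.
        $delete_url = sprintf('<a href="javascript:deleteRec(\'%s\');">%s</a>',
            PageURL2('admins', 'Delete', "start=$start&amp;delete=".$admin['id']),
            s('del'));
        $ls->addColumn($admin['loginname'], s('Del'), $delete_url);
    }
}
echo $ls->display();
echo '<br/><hr class="hidden-lg hidden-md hidden-sm hidden-xs" />';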