= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) { echo '
' . CREATE_NOT_AUTHORIZED . '
'; } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) { echo '
' . CREATE_NOT_AUTHORIZED_USERLEVEL . '
'; } else { $group_intersect = serendipity_intersectGroup($user[0]['authorid']); if (serendipity_checkPermission('adminUsersMaintainOthers') || (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) { serendipity_deleteAuthor($user[0]['authorid']); printf('
' . DELETED_USER . '
', $serendipity['POST']['user'], $user[0]['realname']); serendipity_plugin_api::hook_event('backend_users_delete', $user[0]); } else { echo '
' . CREATE_NOT_AUTHORIZED_USERLEVEL . '
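'; } } }

/*
 * Save new user.
 *
 * Runs only when the SAVE_NEW button was posted and the form token validates.
 * A caller below USERLEVEL_ADMIN may not create an account at or above their
 * own userlevel, and 'adminUsersCreateNew' is required in every case.
 */
if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
    if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $_POST['userlevel'] >= $serendipity['serendipityUserlevel'])
        || !serendipity_checkPermission('adminUsersCreateNew')) {
        echo "\n" . CREATE_NOT_AUTHORIZED . "\n";
    } else {
        // From here on $serendipity['POST']['user'] holds whatever serendipity_addAuthor() returned for the new account.
        $serendipity['POST']['user'] = serendipity_addAuthor($_POST['username'], $_POST['pass'], $_POST['realname'], $_POST['email'], $_POST['userlevel']);
        $valid_groups = serendipity_getGroups($serendipity['authorid'], true);

        /* Save all the properties */
        $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
        foreach ($config as $category) {
            foreach ($category['items'] as $item) {
                if (in_array('groups', $item['flags'])) {
                    // Group membership arrives as a request array; anything else is treated as "no groups"
                    // so the foreach/count below never operate on a scalar or a missing key.
                    if (!isset($_POST[$item['var']]) || !is_array($_POST[$item['var']])) {
                        $_POST[$item['var']] = array();
                    }

                    if (serendipity_checkPermission('adminUsersMaintainOthers')) {
                        // Void, no fixing necessary
                    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
                        // Check that no user may assign groups he's not allowed to.
                        // NOTE(review): these are loose comparisons on request strings, so a value that is
                        // only numerically equal to an allowed id passes on older PHP versions. Confirm that
                        // serendipity_updateGroups() casts or validates the ids it receives.
                        foreach ($_POST[$item['var']] as $groupkey => $groupval) {
                            if (in_array($groupval, $valid_groups)) {
                                continue;
                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
                                // Admin is allowed to assign users to chief editors
                                continue;
                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
                                // Chief is allowed to assign users to editors
                                continue;
                            }

                            unset($_POST[$item['var']][$groupkey]);
                        }
                    } else {
                        // Neither maintain permission: group membership is left untouched.
                        continue;
                    }

                    if (count($_POST[$item['var']]) < 1) {
                        echo "\n" . WARNING_NO_GROUPS_SELECTED . "\n";
                    } else {
                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                    }
                    continue;
                }

                if (serendipity_checkConfigItemFlags($item, 'local')) {
                    // NOTE(review): the last argument is derived from the request field POST['authorid'], while the
                    // edit handler below compares against POST['user']. Confirm which one is intended here.
                    serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['authorid'] ? true : false));
                }

                if (serendipity_checkConfigItemFlags($item, 'configuration')) {
                    serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
                }
            }
        }

        serendipity_plugin_api::hook_event('backend_users_add', $serendipity['POST']['user']);
        // The real name comes straight from the request; escape it before it is written into the page.
        printf("\n" . CREATED_USER . "\n", '#' . $serendipity['POST']['user'] . ', ' . htmlspecialchars((string) $_POST['realname'], ENT_QUOTES));
    }
}

/*
 * Edit a user.
 *
 * Runs only when the SAVE_EDIT button was posted and the form token validates.
 * The target account is the one identified by $serendipity['POST']['user'].
 *
 * NOTE(review): the delete handler and the edit form in this file also require
 * 'adminUsersMaintainOthers', or 'adminUsersMaintainSame' together with a
 * group intersection. This handler does not repeat that check. Confirm whether
 * an earlier gate covers it or whether it should be added here.
 */
if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
    $user = serendipity_fetchUsers($serendipity['POST']['user']);

    if (!is_array($user) || !isset($user[0]['authorid'])) {
        // Fail closed: without a resolved target account the userlevel comparison below
        // would compare against an undefined value and let the request through.
        echo "\n" . CREATE_NOT_AUTHORIZED . "\n";
    } elseif (!serendipity_checkPermission('adminUsersMaintainOthers') && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) {
        echo "\n" . CREATE_NOT_AUTHORIZED . "\n";
    } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
        // Nobody may raise an account above their own userlevel.
        echo "\n" . CREATE_NOT_AUTHORIZED_USERLEVEL . "\n";
    } else {
        $valid_groups = serendipity_getGroups($serendipity['authorid'], true);
        $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
        foreach ($config as $category) {
            foreach ($category['items'] as $item) {
                if (in_array('groups', $item['flags'])) {
                    // Same normalisation as in the create handler: only a request array counts as a group list.
                    if (!isset($_POST[$item['var']]) || !is_array($_POST[$item['var']])) {
                        $_POST[$item['var']] = array();
                    }

                    if (serendipity_checkPermission('adminUsersMaintainOthers')) {
                        // Void, no fixing necessary
                    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
                        // Check that no user may assign groups he's not allowed to.
                        // NOTE(review): loose comparisons on request strings; confirm that
                        // serendipity_updateGroups() casts or validates the ids it receives.
                        foreach ($_POST[$item['var']] as $groupkey => $groupval) {
                            if (in_array($groupval, $valid_groups)) {
                                continue;
                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
                                // Admin is allowed to assign users to chief editors
                                continue;
                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
                                // Chief is allowed to assign users to editors
                                continue;
                            }

                            unset($_POST[$item['var']][$groupkey]);
                        }
                    } else {
                        // Neither maintain permission: group membership is left untouched.
                        continue;
                    }

                    if (count($_POST[$item['var']]) < 1) {
                        echo "\n" . WARNING_NO_GROUPS_SELECTED . "\n";
                    } else {
                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                    }
                    continue;
                }

                if (serendipity_checkConfigItemFlags($item, 'local')) {
                    serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['user'] ? true : false));
                }

                if (serendipity_checkConfigItemFlags($item, 'configuration')) {
                    serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
                }
            }
        }

        // Key the permalink update and the plugin event on the account that was permission-checked above
        // (POST['user']), not on the separately supplied POST['authorid'] request field.
        $pl_data = array(
            'id'       => $serendipity['POST']['user'],
            'authorid' => $serendipity['POST']['user'],
            'username' => $_POST['username'],
            'realname' => $_POST['realname'],
            'email'    => $_POST['email']
        );

        serendipity_updatePermalink($pl_data, 'author');
        serendipity_plugin_api::hook_event('backend_users_edit', $pl_data);
        // Escape the request-supplied real name before echoing it back.
        printf("\n" . MODIFIED_USER . "\n", htmlspecialchars((string) $_POST['realname'], ENT_QUOTES));
    }
}

if ($serendipity['GET']['adminAction'] != 'delete') { ?>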
 
= USERLEVEL_ADMIN ) { if ( $user['userlevel'] >= USERLEVEL_ADMIN ) { $img = serendipity_getTemplateFile('admin/img/user_admin.png'); } elseif ( $user['userlevel'] >= USERLEVEL_CHIEF ) { $img = serendipity_getTemplateFile('admin/img/user_chief.png'); } else { $img = serendipity_getTemplateFile('admin/img/user_editor.png'); } ?>



'; $user = serendipity_fetchUsers($serendipity['GET']['userid']); $group_intersect = serendipity_intersectGroup($user[0]['authorid']); if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $user[0]['authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminUsersMaintainOthers')) { echo '' . CREATE_NOT_AUTHORIZED . '
'; echo EDIT; $from = array(); } elseif (serendipity_checkPermission('adminUsersMaintainOthers') || (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) { echo EDIT; $from = &$user[0]; unset($from['password']); echo ''; } else { echo '' . CREATE_NOT_AUTHORIZED . '
'; echo EDIT; $from = array(); } } else { echo CREATE; $from = array(); } ?>