<?php
/*********************************************************************************
 * The contents of this file are subject to the SugarCRM Public License Version 1.1.2
 * ("License"); You may not use this file except in compliance with the 
 * License. You may obtain a copy of the License at http://www.sugarcrm.com/SPL
 * Software distributed under the License is distributed on an  "AS IS"  basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 * the specific language governing rights and limitations under the License.
 * The Original Code is:  SugarCRM Open Source
 * The Initial Developer of the Original Code is SugarCRM, Inc.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.;
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ********************************************************************************/
/*********************************************************************************
 * $Header: /advent/projects/wesat/vtiger_crm/sugarcrm/modules/Users/Save.php,v 1.14 2005/03/17 06:37:39 rank Exp $
 * Description:  TODO: To be written.
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 * Contributor(s): ______________________________________..
 ********************************************************************************/

require_once('modules/Users/User.php');
require_once('include/logging.php');
require_once('modules/Users/UserInfoUtil.php');
$log =& LoggerManager::getLogger('index');


if (isset($_POST['record']) && !is_admin($current_user) && $_POST['record'] != $current_user->id) echo ("Unauthorized access to user administration.");
elseif (!isset($_POST['record']) && !is_admin($current_user)) echo ("Unauthorized access to user administration.");

$focus = new User();
$focus->retrieve($_POST['record']);
if(strtolower($current_user->is_admin) == 'off'  && $current_user->id != $focus->id){
		$log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change settings for user:". $focus->id);
		header("Location: index.php?module=Users&action=Logout");
		exit;
	}
if(strtolower($current_user->is_admin) == 'off'  && isset($_POST['is_admin']) && strtolower($_POST['is_admin']) == 'on'){
		$log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change is_admin settings for user:". $focus->id);
		header("Location: index.php?module=Users&action=Logout");
		exit;
	}
	
if (isset($_POST['user_name']) && isset($_POST['old_password']) && isset($_POST['new_password'])) {
	/*	
		//changing fourm password	
		define('IN_PHPBB', 1);
		
		$phpbb_root_path = "modules/MessageBoard/";
		require($phpbb_root_path . 'extension.inc');
		include($phpbb_root_path . 'common.php');
	*/	
		$new_pass = $_POST['new_password'];
		$new_passwd = $_POST['new_password'];
		$new_pass = md5($new_pass);
		$uname = $_POST['user_name'];
		//$sql = "UPDATE " . USERS_TABLE . " SET user_password = '$new_pass' WHERE username = '$uname'";
	/*
		if (!($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not update user password', '', __LINE__, __FILE__, $sql);
		}
	*/
		if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) {
		
			header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
		exit;
	}
}  
else {
	foreach($focus->column_fields as $field)
	{
		if(isset($_POST[$field]))
		{
			$value = $_POST[$field];
			$focus->$field = $value;
			
		}
	}
	
	foreach($focus->additional_column_fields as $field)
	{
		if(isset($_POST[$field]))
		{
			$value = $_POST[$field];
			$focus->$field = $value;
			
		}
	}
	
	if (!isset($_POST['is_admin'])) $focus->is_admin = 'off';
	
	
	if (!$focus->verify_data()) {
		header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
		exit;
	}
	else {	
		$focus->save("Users");
//		include('modules/Calendar/user_ins.php');
//		include("modules/Users/forum_register.php");	
		$return_id = $focus->id;
	}
}
if(isset($focus->id) && $focus->id != '')
{

  if(isset($_POST['user_role']))
  {
    updateUser2RoleMapping($_POST['user_role'],$focus->id);
  }
  if(isset($_POST['group_name']) && $_POST['group_name'] != '')
  {
    updateUsers2GroupMapping($_POST['group_name'],$focus->id);
  }
}
else
{
  if(isset($_POST['user_role']))
  {
    insertUser2RoleMapping($_POST['user_role'],$focus->id);
  }
  if(isset($_POST['group_name']))
  {
    insertUsers2GroupMapping($_POST['group_name'],$focus->id);
  }
}

if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module'];
else $return_module = "Users";
if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action'];
else $return_action = "DetailView";
if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id'];
if(isset($_REQUEST['activity_mode']))   $activitymode = '&activity_mode='.$_REQUEST['activity_mode'];

$log->debug("Saved record with id of ".$return_id);
header("Location: index.php?action=$return_action&module=$return_module&record=$return_id$activitymode");
?>