<?php

	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'disableUser' )
		{
			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION[ 'sess_userId' ] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
			fnc_writeLog ( '00000011' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
			die( );
		}

	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'enableUser' )
		{
			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
			fnc_writeLog ( '00000012' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
			die( );
		}

	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'deleteUser' )
		{
			$db -> query ( 'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION[ 'sess_userId' ] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
			fnc_writeLog ( '00000014' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
			header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
			die( );
		}

	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'resetPW' )
		{
			$status	= fnc_sendEmailToUser ( '00000015' , $_POST[ 'userId' ] , $_SESSION[ 'sess_userId' ] );
			if ( $status === 'OK' )
				{
					$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST[ 'userPasswordOrgCrypt' ] . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
					fnc_writeLog ( '00000015' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
					die( );
				}
			else
				{
					$arrError[ ]	= 'mail_001';
				}
			die( );
		}
	
	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'createUser' )
		{
			if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
				{
					$_POST[ 'user_portalRightsType' ]	= 'DEF';
				}
			$userPortalRights	= ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
								? ''
								: implode ( ';' , $_POST[ 'user_portalRights' ] );
				
			if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
				{
					$arrError[ ]	= 'mail_002';
				}
			if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] ) )
				{
					$arrError[ ]	= 'mail_003';
				}
				
			if ( isset ( $arrError ) && ! empty ( $arrError ) )
				{
					$_GET[ 'siteId' ]	= $_POST[ 'siteId' ];
					$_GET[ 'todoId' ]	= $_POST[ 'todoId' ];
				}
			else
				{
					$userName	= fnc_generateUniqueUsername ( $_POST[ 'userLastname' ] , $_POST[ 'userFirstname' ] );
					$passWord	= fnc_generatePW ( );
					$crypt		= md5 ( $passWord );
					$insert		= $db -> query ( 'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST[ 'userEmail' ] . '" , "' . $_POST[ 'userPhone' ] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST[ 'userFirstname' ] . '" , "' . $_POST[ 'userLastname' ] . '" , "' . $_SESSION[ 'sess_userId' ] . '" , "Y" , "N" , "' . $_POST[ 'user_portalRightsType' ] . '" , "' . $userPortalRights . '" );' );
					$userId		= $db -> insert_id;
					
					foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
						{
							if ( ! isset ( $_POST[ 'user' . $website . 'RightsType' ] ) )
								{
									$_POST[ 'user' . $website . 'RightsType' ]	= 'DEF';
								}
							$userWebsiteRights	= ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
												? ''
												: implode ( ';' , $_POST[ 'user' . $website . 'Rights' ] );

							$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
						}
						
					fnc_sendEmailToUser ( '00000010' , $userId , $_SESSION[ 'sess_userId' ] );
					fnc_writeLog ( '00000010' , array ( fnc_getUsernameById ( $userId ) ) , $_SESSION[ 'sess_userId' ] );
					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
					die ( );
				}
		}
		
	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'editUser' )
		{
			if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
				{
					$_POST[ 'user_portalRightsType' ]	= 'DEF';
				}
			$userPortalRights	= ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
								? ''
								: implode ( ';' , $_POST[ 'user_portalRights' ] );
			
			if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
				{
					$arrError[ ]	= 'mail_002';
				}
			if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] , $_POST[ 'userId' ] ) )
				{
					$arrError[ ]	= 'mail_003';
				}
			
			if ( isset ( $arrError ) && ! empty ( $arrError ) )
				{
					$_GET[ 'siteId' ]	= $_POST[ 'siteId' ];
					$_GET[ 'todoId' ]	= $_POST[ 'todoId' ];
					$_GET[ 'userId' ]	= $_POST[ 'userId' ];
				}
			else
				{
					$db -> query ( 'UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST[ 'userLastname' ] . '" , userFirstname = "' . $_POST[ 'userFirstname' ] . '" , userEmail = "' . $_POST[ 'userEmail' ] . '" , userPhone = "' . $_POST[ 'userPhone' ] . '" , userPortalRightsType = "' . $_POST[ 'user_portalRightsType' ] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
					
					foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
						{
							if ( ! isset ( $_POST[ 'user_' . $website . 'RightsType' ] ) )
								{
									$_POST[ 'user_' . $website . 'RightsType' ]	= 'DEF';
								}
							$userWebsiteRights	= ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
												? ''
												: implode ( ';' , $_POST[ 'user_' . $website . 'Rights' ] );
							$rights	= $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
							if ( $rights -> num_rows === 0 )
								{
									$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST[ 'userId' ] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
								}
							else
								{
									$db -> query ( 'UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
								}
						}
						
					fnc_writeLog ( '00000013' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
					header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
					die ( );
				}
		}

?>