<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// Manage user settings
//  
// Displays user settings, allows one to control special user status
// and forum suspension (banishment).   Put this in html/ops,
// (or could be used by moderators for bans < 24 hrs).


// TODO: use DB abstraction layer

require_once("../inc/util.inc");
require_once("../inc/user.inc");
require_once("../inc/team.inc");
require_once("../inc/forum.inc");
require_once("../inc/util_ops.inc");
require_once("../inc/profile.inc");
require_once("../project/project.inc");

error_reporting(E_ALL);
ini_set('display_errors', true);
ini_set('display_startup_errors', true);

// Delete a user (or at least try to)
//
function delete_user($user){
    if (!empty($user->teamid)){
        user_quit_team($user);
    }
    if ($user->has_profile){
        _mysql_query("DELETE FROM profile WHERE userid = $user->id");
        delete_user_pictures($user->id);
        _mysql_query("UPDATE user SET has_profile=0 WHERE id=$user->id");
    }

    if ($user->total_credit > 0.0){
        error_page("Cannot delete user: User has credit.");
        return false;
    }  

    // Don't delete user if they have any outstanding Results
    //
    $q = "SELECT COUNT(*) AS count FROM result WHERE userid=".$user->id;
    $result = _mysql_query($q);
    $c = _mysql_fetch_object($result);
    _mysql_free_result($result);
    if ($c->count) {
        error_page("Cannot delete user: User has $c->count results in the database.");
    }

    // Don't delete user if they have posted to the forums
    //
    $q = "SELECT COUNT(*) AS count FROM post WHERE user=".$user->id;
    $result = _mysql_query($q);
    $c = _mysql_fetch_object($result);
    _mysql_free_result($result);
    if ($c->count) {
        error_page("Cannot delete user: User has $c->count forum posts.");
    }

    $q = "DELETE FROM user WHERE id=".$user->id;
    $result = _mysql_query($q);
}

// Process special user settings
//
function handle_special_user($user) {
    global $special_user_bitfield;
    $Nbf = sizeof($special_user_bitfield);
    $bits="";
    for ($i=0; $i<$Nbf; $i++) {
        $key = "special_user_$i";
        if (array_key_exists($key, $_POST) && $_POST[$key]) {
            $bits .= "1";
        } else {
            $bits .= "0";
        }
    }
    $q = "UPDATE forum_preferences SET special_user=\"$bits\" WHERE userid=$user->id";
    _mysql_query($q);
}


// Process a suspension:
//
function handle_suspend($user) {
    global $g_logged_in_user;
    $dt = post_int('suspend_for', true);

    $reason = $_POST['suspend_reason'];
    if ($dt > 0 && empty($reason)) {
        error_page("You must supply a reason for a suspension.
            <p><a href=manage_user.php?userid=$user->id>Try again</a>"
        );
    } else {
        if (is_numeric($dt)) {
            $t = $dt>0 ? time()+$dt : 0;
            $q = "UPDATE forum_preferences SET banished_until=$t WHERE userid=$user->id";
            _mysql_query($q);

            // put a timestamp in wiki to trigger re-validation of credentials

            if (function_exists('touch_wiki_user')){
                touch_wiki_user($user);  
            }

            // Send suspension e-mail to user and administrators

            if ($dt>0) {
                $subject = PROJECT." posting privileges suspended for ". $user->name;
                $body = "
Forum posting privileges for the " .PROJECT. " user \"".$user->name."\"
have been suspended for " .time_diff($dt). " by ".$g_logged_in_user->name.". 
The reason given was:

$reason

The suspension will end at " .time_str($t)."\n";
            } else {
                $subject = PROJECT." user ". $user->name. " unsuspended";
                $body = "
Forum posting privileges for the " .PROJECT. " user \"".$user->name."\"
have been restored by ".$g_logged_in_user->name."\n";
                if ($reason) {
                    $body.="The reason given was:\n\n   $reason\n";
                }
            }

            send_email($user, $subject, $body);

            $emails = explode(",", POST_REPORT_EMAILS);
            foreach ($emails as $email) {
                $admin->email_addr = $email;
                send_email($admin, $subject, $body);
            }
        }
    }
}

function show_manage_user_form($user) {
    global $special_user_bitfield;
    $Nbf = sizeof($special_user_bitfield);

    admin_page_head("Management $user->name");

    if (!defined("POST_REPORT_EMAILS")) {
        echo "<p><font color='RED'>
       There is no administrative email address defined for reporting problems
    or abuse in the forums.  Please define POST_REPORT_EMAILS in project.inc
            </font></p>\n";
    }

    echo "<form name='manage_user' action=manage_user.php method='POST'>
        <input type='hidden' name='userid' value='". $user->id."'>
    ";

    start_table();


    row1("<b>User: </b> $user->name <div align='right'>
            <input name=\"delete_user\" type=\"submit\" value=\"Delete user\">
            </div>"
    );

    show_user_summary_public($user);
    show_profile_link_ops($user);
    row2("Email:", "$user->email_addr");
    project_user_summary($user);
    end_table();
    project_user_page_private($user);

    echo "</form>\n";


    // Special User status:

    echo "\n\n<P>
       <table width='100%'><tr>
       <td width='50%' valign='TOP'> \n";

    echo "<form name='special_user' action=manage_user.php method=\"POST\">
        <input type='hidden' name='userid' value='".$user->id."'>
    ";

    start_table();
    row1("Special User Status");

    echo "<tr>\n";
    for ($i=0; $i<$Nbf; $i++) {
        $bit = substr($user->prefs->special_user, $i, 1);
        echo "<tr><td><input type='checkbox'' name='special_user_".$i."' value='1'";
        if ($bit == 1) {
            echo " checked='checked'";
        }
        echo ">". $special_user_bitfield[$i] ."</td></tr>\n";
    }
    echo "</tr>";

    echo "</tr><td colspan=$Nbf align='RIGHT'>
        <input name='special_user' type='SUBMIT' value='Update'>
        </td></tr>
    ";
    end_table();
    echo "</form>\n";

    echo "\n\n</td><td valign='TOP'>\n\n";


    // Suspended posting privileges

    echo "<form name='banishment' action=manage_user.php method=\"POST\">
        <input type='hidden' name='userid' value='".$user->id."'>
    ";
    start_table();
    row1("Suspension");

    if ($user->prefs->banished_until) {
        $dt = $user->prefs->banished_until - time();
        if ($dt > 0) {
            $x = " Suspended until " . time_str($user->prefs->banished_until)
                ."<br/> (Expires in " . time_diff($dt) .")" ;
        } else {
            $x = " last suspended " . time_str($user->prefs->banished_until);
        }
        row1($x);
    } else {
        $dt = 0;
    }

    echo "<tr><td>
    Suspend user for:
     <blockquote>
            <input type='radio' name='suspend_for' value='3600'> 1 hour   <br/>
            <input type='radio' name='suspend_for' value='7200'> 2 hours  <br/>
            <input type='radio' name='suspend_for' value='18000'> 6 hours  <br/>
            <input type='radio' name='suspend_for' value='36000'> 12 hours  <br/>
            <input type='radio' name='suspend_for' value='86400'> 24 hours  <br/>
    ";
    echo "
        <input type='radio' name='suspend_for' value='172800'> 48 hours  <br/>
        <input type='radio' name='suspend_for' value='",86400*7,"'> 1 week  <br/>
        <input type='radio' name='suspend_for' value='",86400*14,"'> 2 weeks  <br/>
    ";

    if ($dt>0) {
        echo "
            <input type='radio' name='suspend_for' value='-1'>  <b>unsuspend</b>   <br/>";
    }
    echo "
     </blockquote>

    ";

    echo "<P>Reason (required):\n";
    echo "<textarea name='suspend_reason' cols='40' rows='4'></textarea>";
    echo "<br><font size='-2' >The reason will be sent to both the user
            and to the project administrators.</font>\n";


    echo "<p align='RIGHT'><input name='suspend_submit' type='SUBMIT' value='Update'></P>\n";
    echo " </td></tr>\n";

    end_table();
    echo "</form>\n";

    echo "</td></tr> </table>\n";

    admin_page_tail();
}

get_logged_in_user();
db_init();

$q = null;

$id = get_int("userid", true);
if (!$id) {
    $id = post_int("userid", true);
}
if (!$id) error_page("No ID given");
$user = BoincUser::lookup_id($id);
if (!$user) error_page("No such user: $id");

BoincForumPrefs::lookup($user);

if (isset($_POST['delete_user'])) {
    delete_user($user);
    admin_page_head("User deleted");
    echo "User $user->name ($user->id) deleted";
    admin_page_tail();
}

if (isset($_POST['special_user'])) {
    handle_special_user($user);
    Header("Location: manage_user.php?userid=$user->id");
}
if (isset($_POST['suspend_submit'])) {
    handle_suspend($user);
    Header("Location: manage_user.php?userid=$user->id");
}

show_manage_user_form($user);

$cvs_version_tracker[]=        //Generated automatically - do not edit
    "\$Id$"; 
?>