From 1cdf16421bd42ef5327888f3f56867a2a9192be0 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Tue, 18 Jun 2013 00:11:30 +0200
Subject: [PATCH 1/3] Update .gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 43dfe16..f36e7e0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ installer/slave_sfx.py
 installer/master_sfx.py
 *.pyc
 testing
+.geanyprj
From 1a32c9672a894f6881849056b687f36898898a60 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Tue, 18 Jun 2013 00:12:12 +0200
Subject: [PATCH 2/3] Add 'edit user' page
---
 frontend/locales/english.lng | 7 +++
 frontend/modules/admin/user/edit.php | 61 +++++++++++++++++++
 frontend/rewrite.php | 7 +++
 .../templates/default/admin/user/edit.tpl | 45 ++++++++++++++
 4 files changed, 120 insertions(+)
 create mode 100644 frontend/modules/admin/user/edit.php
 create mode 100644 frontend/templates/default/admin/user/edit.tpl
diff --git a/frontend/locales/english.lng b/frontend/locales/english.lng
index a35ba55..01262dd 100644
--- a/frontend/locales/english.lng
+++ b/frontend/locales/english.lng
@@ -248,6 +248,13 @@ admin-level-nodeadmin; Node administrator
 admin-level-masteradmin; Master administrator
 header-admin-user-vpses; VPSes owned by this user
 
+## User editing
+title-admin-edituser; Edit user
+edituser-username; Username
+edituser-email; Email address
+edituser-access; Account type
+button-admin-edituser; Apply changes
+
 ## VPS list
 title-admin-vpslist; VPS overview
 list-column-hostname; Hostname
diff --git a/frontend/modules/admin/user/edit.php b/frontend/modules/admin/user/edit.php
new file mode 100644
index 0000000..45bc91f
--- /dev/null
+++ b/frontend/modules/admin/user/edit.php
@@ -0,0 +1,61 @@
+uParameters[1]);
+}
+catch (NotFoundException $e)
+{
+ throw new RouterException("Specified user does not exist.");
+}
+
+$sErrors = array();
+
+if($router->uMethod == "post")
+{
+ if(empty($_POST['username']) || preg_match("/^[a-z0-9_.-]+$/i", $_POST['username']) === 0)
+ {
+ $sErrors[] = "You did not enter a valid username.";
+ }
+
+ if(empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false)
+ {
+ $sErrors[] = "You did not enter a valid e-mail address.";
+ }
+
+ if(empty($_POST['access']) || preg_match("/^[0-9]+$/", $_POST['access']) === 0)
+ {
+ $sErrors[] = "You did not specify a valid user type.";
+ }
+
+ if(empty($sErrors))
+ {
+ $sUser->uUsername = $_POST['username'];
+ $sUser->uEmailAddress = $_POST['email'];
+ $sUser->uAccessLevel = $_POST['access'];
+ $sUser->InsertIntoDatabase();
+ redirect("/admin/user/{$sUser->sId}/");
+ }
+}
+
+$sPageContents = NewTemplater::Render("{$sTheme}/admin/user/edit", $locale->strings, array(
+ "errors" => $sErrors,
+ "id" => $router->uParameters[1]
+), array(
+ "username" => $sUser->sUsername,
+ "email" => $sUser->sEmailAddress,
+ "access" => $sUser->sAccessLevel
+));
diff --git a/frontend/rewrite.php b/frontend/rewrite.php
index c59a783..4bd6ee6 100644
--- a/frontend/rewrite.php
+++ b/frontend/rewrite.php
@@ -136,6 +136,13 @@ try
 'auth_error' => "modules/error/access.php",
 '_menu' => "admin"
 ),
+ /* Admin - Users - Edit */
+ '^/admin/user/([0-9]+)/edit/?$' => array(
+ 'target' => "modules/admin/user/edit.php",
+ 'authenticator' => "authenticators/admin.php",
+ 'auth_error' => "modules/error/access.php",
+ '_menu' => "admin"
+ ),
 /* Admin - Users - Create VPS */
 '^/admin/user/([0-9]+)/add/?$' => array(
 'target' => "modules/admin/vps/create.php",
diff --git a/frontend/templates/default/admin/user/edit.tpl b/frontend/templates/default/admin/user/edit.tpl
new file mode 100644
index 0000000..6ada2b7
--- /dev/null
+++ b/frontend/templates/default/admin/user/edit.tpl
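Review bot: The assignment `$sUser->uAccessLevel = $_POST['access'];` stores whatever digit string passed the `/^[0-9]+$/` check, while the edit template only offers the levels 1, 20 and 30, so any other numeric level (and, if `authenticators/admin.php` admits accounts below master admin, which I cannot see here, a level higher than the editing admin's own) is written unchecked and as a string. I would validate against an allow-list, `if(!isset($_POST['access']) || !in_array($_POST['access'], array("1", "20", "30"), true))`, and assign `(int) $_POST['access']`. The new username and e-mail are not checked against other accounts before `InsertIntoDatabase()`; whether that method enforces uniqueness is not visible in this hunk. If `redirect()` does not terminate the script, the `NewTemplater::Render` call below still runs after the redirect, so an explicit `exit;` after it would be safer. The first lines of this hunk, from the `<?php` header through the `User::CreateFromId` call, are not legible in this listing.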
@@ -0,0 +1,45 @@ +

{%!title-admin-edituser}

+ +{%if isempty|errors == false} +
+
{%!error-form}
+
+
    + {%foreach error in errors} +
  • {%?error}
  • + {%/foreach} +
+
+
+{%/if} + +
+
+ + {%input type="text" group="edituser" name="username"} +
+
+ +
+ + {%input type="text" group="edituser" name="email"} +
+
+ +
+ + {%select type="text" group="edituser" name="access"} + {%option value="1" text="{%!admin-level-enduser}"} + + {%option value="20" text="{%!admin-level-nodeadmin}"} + {%option value="30" text="{%!admin-level-masteradmin}"} + {%/select} +
+
+ +
+
+ +
+
+
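Review bot: No anti-CSRF field is visible in this form, only the `{%input}` and `{%select}` fields for username, email and access; since one submission can set an account to master administrator (`{%option value="30" ...}`), a hidden token that edit.php verifies would be expected unless the templater or router injects one outside this hunk, which I cannot see here. The `{%select type="text" group="edituser" name="access"}` tag appears copied from the text inputs; `type` is not a select attribute, so `{%select group="edituser" name="access"}` would be cleaner. The surrounding markup has been stripped from this listing, so the form element and its method are not reviewable.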
From 1ec52b4f4a81f2dcd4973514aea7ef225d6991e7 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Tue, 18 Jun 2013 00:18:38 +0200
Subject: [PATCH 3/3] Prevent lockouts
---
 frontend/modules/admin/user/edit.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/frontend/modules/admin/user/edit.php b/frontend/modules/admin/user/edit.php
index 45bc91f..9cf61e0 100644
--- a/frontend/modules/admin/user/edit.php
+++ b/frontend/modules/admin/user/edit.php
@@ -40,6 +40,23 @@ if($router->uMethod == "post")
 {
 $sErrors[] = "You did not specify a valid user type.";
 }
+ else
+ {
+ if($sUser->sAccessLevel == 30 && $_POST['access'] < 30)
+ {
+ /* This user is a master admin, check if any other master admins exist before lowering
+ * the permissions of this one, to prevent lock-outs. */
+
+ try
+ {
+ User::CreateFromQuery("SELECT * FROM users WHERE `AccessLevel` = 30 AND `Id` != :Id", array(":Id" => $sUser->sId), 0);
+ }
+ catch (NotFoundException $e)
+ {
+ $sErrors[] = "You can't remove your master administrator permissions if no other master administrators exist!";
+ }
+ }
+ }
 
 if(empty($sErrors))
 {
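Review bot: The message added in the `catch (NotFoundException $e)` branch, `You can't remove your master administrator permissions ...`, is worded as if the edited account were the current admin's own, but this page edits an arbitrary user chosen by id, so it reads wrong when demoting someone else; `$sErrors[] = "This user is the only master administrator; their permissions cannot be lowered until another master administrator exists.";` fits both cases. The `else { if(...) { ... } }` nesting can be flattened to `elseif($sUser->sAccessLevel == 30 && $_POST['access'] < 30)`, since the inner `if` is the only statement in the `else`. `$_POST['access'] < 30` compares a digit string numerically, which is safe only because the regex on the preceding line guarantees digits; `(int) $_POST['access'] < 30` states that intent. The existence query and the later `InsertIntoDatabase()` are not executed under a lock or transaction, so two concurrent demotions of the last two master admins could both pass the check; whether that is worth guarding depends on the deployment. The enclosing `if($router->uMethod == "post")` block starts before this hunk.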