showuser.php3 1.27 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
<?php
include("defs.php3");
include("showstuff.php3");

#
# Standard Testbed Header
#
PAGEHEADER("Show User Information");

#
# Note the difference with which this page gets it arguments!
# I invoke it using GET arguments, so uid and pid are are defined
# without having to find them in URI (like most of the other pages
# find the uid).
#

#
# Only known and logged in users can do this.
#
20
$uid = GETLOGIN();
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
LOGGEDINORDIE($uid);

$isadmin = ISADMIN($uid);

#
# Verify form arguments.
# 
if (!isset($target_uid) ||
    strcmp($target_uid, "") == 0) {
    USERERROR("You must provide a User ID.", 1);
}

#
# Check to make sure thats this is a valid UID.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36 37
$query_result =
    DBQueryFatal("SELECT * FROM users WHERE uid='$target_uid'");
38
if (mysql_num_rows($query_result) == 0) {
39
  USERERROR("The user $target_uid is not a valid user", 1);
40 41 42 43
}

#
# Verify that this uid is a member of one of the projects that the
Leigh B. Stoller's avatar
Leigh B. Stoller committed
44
# target_uid is in. Must have proper permission in that group too. 
45
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
46 47 48 49 50 51
if (!$isadmin &&
    strcmp($uid, $target_uid)) {

    if (! TBUserInfoAccessCheck($uid, $target_uid, $TB_USERINFO_READINFO)) {
	USERERROR("You do not have permission to view this user's ".
		  "information!", 1);
52 53 54 55 56 57 58 59 60 61 62 63
    }
}

SHOWUSER($target_uid);

echo "</center>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
?>