<?php require_once './auth.php';
require_once ('connect.php');


//darf alles nur ausgeführt werden, wenn man Administrator ist
$username=$_SESSION['user']['username'];
$sql_userlevel= "SELECT userlevel FROM koordinator WHERE username='$username'";
$result_userlevel =mysqli_query($db_link, $sql_userlevel);
$row_userlevel = mysqli_fetch_assoc($result_userlevel);
mysqli_close($db_link);
if ($row_userlevel['userlevel']==2){
	$message = array();
	if (!empty($_POST)) {
		if (
			empty($_POST['f']['username']) ||
			empty($_POST['f']['password']) ||
			empty($_POST['f']['password_again'])
		) {
			$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
		} else if ($_POST['f']['password'] != $_POST['f']['password_again']) {
			$message['error'] = 'Die eingegebenen Passwörter stimmen nicht überein.';
		} else {
			unset($_POST['f']['password_again']);
			$salt = ''; 
			for ($i = 0; $i < 22; $i++) { 
				$salt .= substr('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', mt_rand(0, 63), 1); 
			}
			$_POST['f']['password'] = crypt(
				$_POST['f']['password'],
				'$2a$10$' . $salt
			);
 
			$mysqli = @new mysqli('rdbms.strato.de', 'U3279746', '193nomoreDB', 'DB3279746');
			if ($mysqli->connect_error) {
				$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
			}
			$query = sprintf(
				"INSERT INTO koordinator (username, password)
				SELECT * FROM (SELECT '%s', '%s') as new_user
				WHERE NOT EXISTS (
					SELECT username FROM koordinator WHERE username = '%s'
				) LIMIT 1;",
				$mysqli->real_escape_string($_POST['f']['username']),
				$mysqli->real_escape_string($_POST['f']['password']),
				$mysqli->real_escape_string($_POST['f']['username'])
			);
			$mysqli->query($query);
			if ($mysqli->affected_rows == 1) {
				$message['success'] = 'Neuer Benutzer (' . htmlspecialchars($_POST['f']['username']) . ') wurde angelegt, <a href="login.php">weiter zur Anmeldung</a>.';
				header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
			} else {
				$message['error'] = 'Der Benutzername ist bereits vergeben.';
			}
			$mysqli->close();
		}
	} else {
		$message['notice'] = 'Übermitteln Sie das ausgefüllte Formular um ein neues Benutzerkonto zu erstellen.';
	}
?>


<!DOCTYPE HTML>

<html>
	<head>
		<title>Homepage der Sporkoordinatoren des Main-Kinzig-Kreises</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<meta name="description" content="" />
		<meta name="keywords" content="" />
		<!--[if lte IE 8]><script src="js/html5shiv.js"></script><![endif]-->
		<script src="js/jquery.min.js"></script>
		<script src="js/skel.min.js"></script>
		<script src="js/skel-layers.min.js"></script>
		<script src="js/init.js"></script>
		<noscript>
			<link rel="stylesheet" href="css/skel.css" />
			<link rel="stylesheet" href="css/style.css" />
			<link rel="stylesheet" href="css/style-xlarge.css" />
		</noscript>
	</head>
	<body>

	<!-- Header -->
	<header id="header">
		<nav id="nav">
			<ul>
				<li><a href='wettkaempfeA.php'>WK-Programm verwalten</a></li>
				<li><a href="vorstellung.php">Kontakt</a></li>
				<li><a href='logout.php' class='button fit small'>Abmelden</a></li>				
			</ul>
		</nav>
	</header>

	<!-- Main -->
	<section id="main" class="wrapper">
		<div class="container">

			<header class="major special">
				<h2>User verwalten</h2>
				<p>User hinzufügen</p>
			</header>
			
			<form action="./userverwaltung.php" method="post">
				<?php if (isset($message['error'])): ?>
						<fieldset class="error"><legend>Fehler</legend><?php echo $message['error'] ?></fieldset>
				<?php endif;
				if (isset($message['success'])): ?>
					<fieldset class="success"><legend>Erfolg</legend><?php echo $message['success'] ?></fieldset>
				<?php endif;
				if (isset($message['notice'])): ?>
					<fieldset class="notice"><legend>Hinweis</legend><?php echo $message['notice'] ?></fieldset>
				<?php endif; ?>
				<fieldset>
				<legend>Benutzerdaten</legend>
				<div><label for="username">Benutzername</label> <input type="text" name="f[username]" id="username"<?php echo isset($_POST['f']['username']) ? ' value="' . htmlspecialchars($_POST['f']['username']) . '"' : '' ?> /></div>
				<div><label for="password">Kennwort</label> <input type="password" name="f[password]" id="password" /></div>
				<div><label for="password_again">Kennwort wiederholen</label> <input type="password" name="f[password_again]" id="password_again" /></div>
				</fieldset>
				<br/>
				<fieldset>
					<ul class="actions">
						<li></li><input type="submit" name="submit" value="Registrieren" /></li>
						<li></li><a href='settings.php' class='button alt small'>Zurück</a></li>
					</ul>
				</fieldset>
			</form>
		</div>
	</section>

	<!-- Footer -->
	<footer id="footer">
		<div class="container">
			<ul class="copyright">
				<li>&copy; U. Schumacher</li>
				<li>Design: <a href="http://templated.co">TEMPLATED</a></li>
				<li><a href="disclaimer.php">Disclaimer</a></li>
			</ul>
		</div>
	</footer>

	</body>
</html>
<?php
}
?>