Fix #22 - disable user button added

Author: Pryx

admin/lost-password.php

@@ -13,7 +13,7 @@
       $user->change_password($_POST['token']);
       if (isset($message)){?>
       <p class="alert alert-danger"><?php echo $message?></p>
-      <a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&amp;id=".$_POST['id']."&amp;token=".$_POST['token'];?>"><?php echo _("Go back");?> </a>
+      <a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&id=".$_POST['id']."&token=".$_POST['token'];?>"><?php echo _("Go back");?> </a>
       <?php 
       }
         else{?>

admin/new-user.php

@@ -9,7 +9,7 @@
     <h2>Add new user</h2>
 </div>
 
-<form action="<?php echo WEB_URL;?>/admin/?do=new-user&amp;new=user" method="POST" class="form-horizontal">
+<form action="<?php echo WEB_URL;?>/admin/?do=new-use&new=user" method="POST" class="form-horizontal">
 	<?php if (isset($message))
     {?>
       <p class="alert alert-danger"><?php echo $message?></p>

admin/settings.php

@@ -22,7 +22,7 @@
 <section>
 <h3 class="pull-left"><?php echo _("Services");?></h3>
 <?php if ($user->get_rank() <= 1){?>
-<form action="?do=settings&amp;new=service" method="post">
+<form action="?do=settings&new=service" method="post">
 	<div class="input-group pull-right new-service">
 		<input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo ((isset($_POST['service']))?htmlspecialchars($_POST['service']):''); ?>" maxlength="50" required>
 		<span class="input-group-btn">
@@ -52,7 +52,7 @@
 	echo "<td>".$result['name']."</td>";
 	if ($user->get_rank()<=1)
 	{
-		echo '<td><a href="'.WEB_URL.'/admin/?do=settings&amp;delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>';
+		echo '<td><a href="'.WEB_URL.'/admin/?do=settings&delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>';
 	}
 	echo "</tr>";
 }?>
@@ -74,7 +74,7 @@
 {
 	echo "<tr>";
 	echo "<td>".$result['id']."</td>";
-	echo "<td><a href='".WEB_URL."/admin/?do=user&amp;id=".$result['id']."'>".$result['username']."</a></td>";
+	echo "<td><a href='".WEB_URL."/admin/?do=user&id=".$result['id']."'>".$result['username']."</a></td>";
 	echo "<td>".$result['name']."</td>";
 	echo "<td>".$result['surname']."</td>";
 	echo "<td><a href=\"mailto:".$result['email']."\">".$result['email']."</a></td>";

classes/constellation.php

@@ -39,7 +39,7 @@ public function render_incidents($future=false, $offset=0, $limit = 5, $admin =
     {
       if ($offset) 
       {
-        echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&amp;timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
+        echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
       }
       echo "<h3>"._("Past incidents")."</h3>";
     }
@@ -59,7 +59,7 @@ public function render_incidents($future=false, $offset=0, $limit = 5, $admin =
       }
       if ($show)
       {
-        echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&amp;timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
+        echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
       }
     }
   }

classes/user.php

@@ -97,7 +97,7 @@ public function toggle()
       $stmt->bind_param("i", $this->id);
       $stmt->execute();
       $stmt->close();
-      header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
+      header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
     }else{
       $message = _("You don't have the permission to do that!");
     }
@@ -317,14 +317,14 @@ public function render_user_settings()
       <div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username");?></strong></div>
       <div class="col-md-6"><?php echo $this->username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
       {
-        echo "<a href='".WEB_URL."/admin/?do=user&amp;id=".$this->id."&amp;what=toggle'>";
+        echo "<a href='".WEB_URL."/admin/?do=user&id=".$this->id."&what=toggle'>";
         echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i></a>";
       }else{
         echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>";
       }?></div>
     </div>
 
-    <form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
+    <form action="<?php echo WEB_URL;?>/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
       <div class="row">
         <div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role");?></strong></div>
         <div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?> <div class="input-group"><select class="form-control" name="permission"><?php foreach ($permissions as $key => $value) {
@@ -379,7 +379,21 @@ public function render_user_settings()
     </div>
     <?php
   }
-
+  if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
+      {?>
+  <div class="row">
+      <div class="col-md-2 col-md-offset-2"></div>
+      <div class="col-md-6">
+        <?php
+        if ($this->active){
+          echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-danger">'._("Deactivate user")."</a>";
+        }else{
+          echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-success">'._("Activate user")."</a>";
+        }
+        ?>
+      </div>
+    </div>
+    <?php }
   }
 
   /**
@@ -484,7 +498,7 @@ public static function password_link()
 
     $token = Token::add($id, 'passwd', $time);
 
-    $link = WEB_URL."/admin/?do=lost-password&amp;id=$id&amp;token=$token";
+    $link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
     $to      = $email;
     $user = new User($id);
     $subject = _('Reset password') . ' - '.NAME;
@@ -510,7 +524,7 @@ public function email_link(){
     $token = Token::add($id, 'email;$email', $time);
 
 
-    $link = WEB_URL."/admin/?do=change-email&amp;id=$id&amp;token=$token";
+    $link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
     $to      = $email;
     $subject = _('Email change').' - '.NAME;
     $msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
@@ -588,7 +602,7 @@ public function change_permission(){
       $stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
       $stmt->bind_param("si", $permission, $id);
       $stmt->execute();  
-      header("Location: ".WEB_URL."/admin/?do=user&amp;id=".$id);
+      header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
     }
     else{
       $message = _("You don't have permission to do that!");