=head1 NAME

useredit.pl - generates a form for udpating user fields

=head1 OVERVIEW

generates a form for editing user fields.  The user to be edited is provided as 
a cgi paramter (userid) .  The page is displayed if the current user is an adminstrator or 
the current user has teh same id as the user to be edited.

=head1 AUTHOR

Girish Joshi - gjoshi@wam.umd.edu

=cut
 

use CGI ;
use DBI ;
use LSE::Database::Connection ;
use LSE::Database::Services ;
use LSE::Config ;
use strict ;
use warnings ;


my $q = new CGI ;
my $dbh = getConnection() ; 
my $userid = $q->param('userid');
$userid = $ENV{REMOTE_USER} if not defined $userid;
my $s_userid = $dbh->quote($userid) ;

print $q->header ;
#figure out who the current user actually is
my $current_user = $dbh->quote($ENV{REMOTE_USER}) ;
my $sth = $dbh->prepare("select * from users where userid = $current_user") ;
$sth->execute ;
my $current_user_info = $sth->fetchrow_hashref ;
#if the current user isn't an admin or the user to be edited,
#they don't have access
if (   (($userid ne $current_user_info->{userid}) 
       and ($current_user_info->{gid} ne 'admin')) or ($current_user_info->{userid} eq 'guest') 
   ) {
  print "Error: you aren't authorized to edit this page" ;
  exit ;
}	
$sth = $dbh->prepare("select * from users where userid = $s_userid") ;
$sth->execute ; 
my $user = $sth->fetchrow_hashref ;

#FORM START TAG
print <<EOT;
<form action = "updateuser.pl" method="POST">
Username: 
EOT

my $id = $user->{userid} ;

print <<EOT;
<input type = "text" name = "userid" value = "$id"><br>
Name:
<input type = "text" length = "20" name = "name" value = "$user->{name}" maxlength = "255"><br>
Email:
<input type = "text" length = "20" name = "email" value = "$user->{email}" maxlength = "255"><br>
Title:
<input type = "text" length = "20" name = "title" value = "$user->{title}" maxlength = "255"><br>
Institution:
<input type = "text" length = "20" name = "institution" value = "$user->{institution}" maxlength = "255"><br>
Research Interests:<br>
<textarea rows = "6" cols = "50" name = "resinterests">$user->{resinterests}
</textarea><br>
EOT

##Adminstrators getr a field that let them know the access level this
##user has.
if ( $current_user_info->{gid} eq 'admin' ) {
  print qq(Access:);
  print qq(<input type = "text" length = "20" name = "gid" value = "$user->{gid}" maxlength = "6"><br>);
}

  print <<EOT;	
<input type="reset">
<input type="submit" value = "submit data"><br><br>
Password:<BR>
<input type = "PASSWORD" name = "password" maxlength="8"><br>
Retype Password:<BR>
<input type = "PASSWORD" name = "cpassword" maxlength="8"><br>
<input type="reset">
<input type="submit" value = "submit pasword">
<br><br>
EOT


print qq(<input type="submit" value = "forgot password" name = "forgot">)
  if($current_user_info->{gid} eq 'admin');

print "</form>\n";

print qq(<a href="/">Back to home</a>);