Initial revision

2002-05-02 15:54:48 +00:00 · 2002-05-02 15:54:48 +00:00 · 01e11d7871
commit 01e11d7871
parent bb66c11a6a
41 changed files with 5420 additions and 3155 deletions
--- a/lib/WebGUI/Operation/Account.pm
+++ b/lib/WebGUI/Operation/Account.pm
@ -17,7 +17,6 @@ use strict;
 use URI;
 use WebGUI::DateTime;
 use WebGUI::ErrorHandler;
-use WebGUI::Form;
 use WebGUI::International;
 use WebGUI::Mail;
 use WebGUI::Paginator;
@ -26,11 +25,26 @@ use WebGUI::Session;
 use WebGUI::Shortcut;
 use WebGUI::SQL;
 use WebGUI::URL;
+use WebGUI::User;
 use WebGUI::Utility;

 our @ISA = qw(Exporter);
 our @EXPORT = qw(&www_viewMessageLog &www_viewProfile &www_editProfile &www_editProfileSave &www_createAccount &www_deactivateAccount &www_deactivateAccountConfirm &www_displayAccount &www_displayLogin &www_login &www_logout &www_recoverPassword &www_recoverPasswordFinish &www_createAccountSave &www_updateAccount);
-our %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)', 3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)', 6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)', 9=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)', 13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)', 15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)', 18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)', 20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'No Such Object (32)', 33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)', 48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)', 50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)', 53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)', 65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)', 68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)', 71=>'Affects Multiple DSAs (71)', 80=>'other (80)');
+our %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)',
+        3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)',
+        6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)',
+        9=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)',
+        13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)',
+        15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)',
+        18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)',
+        20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'No Such Object (32)',
+        33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)',
+        48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)',
+        50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)',
+        53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)',
+        65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)',
+        68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',
+        71=>'Affects Multiple DSAs (71)', 80=>'other (80)');

 #-------------------------------------------------------------------
 sub _accountOptions {
@ -82,43 +96,86 @@ sub _logLogin {
                quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")");
 }

+#-------------------------------------------------------------------
+sub _validateProfileData {
+	my (%data, $error, $a, %field);
+	tie %field, 'Tie::CPHash';
+        $a = WebGUI::SQL->read("select * from userProfileField");
+        while (%field = $a->hash) {
+		if ($field{fieldType} eq "date") {
+			$session{form}{$field{fieldName}} = setToEpoch($session{form}{$field{fieldName}});
+		}
+		$data{$field{fieldName}} = $session{form}{$field{fieldName}} if (exists $session{form}{$field{fieldName}});
+		if ($field{required} && $session{form}{$field{fieldName}} eq "") {
+			$error .= '<li>';
+			$error .= eval $field{fieldLabel};
+			$error .= ' '.WebGUI::International::get(451);
+		}
+        }
+        $a->finish;
+	return (\%data, $error);
+}
+
 #-------------------------------------------------------------------
 sub www_createAccount {
-	my ($output, %language, @array);
+	my ($output, %language, @array, 
+        	$previousCategory, $category, $f, $a, %data, $default, $label, $values, $method);
+        tie %data, 'Tie::CPHash';
 	if ($session{user}{userId} != 1) {
                $output .= www_displayAccount();
-	} elsif ($session{setting}{anonymousRegistration} eq "no") {
+	} elsif (!$session{setting}{anonymousRegistration}) {
 		$output .= www_displayLogin();
        } else {
 		$output .= '<h1>'.WebGUI::International::get(54).'</h1>';
-		$output .= formHeader();
-		$output .= WebGUI::Form::hidden("op","createAccountSave");
-		$output .= '<table>';
-		unless ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding} eq "yes") {
-			$output .= tableFormRow(WebGUI::International::get(50),WebGUI::Form::text("username",20,35));
+        	$f = WebGUI::HTMLForm->new();
+		$f->hidden("op","createAccountSave");
+		unless ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
+			$f->text("username",WebGUI::International::get(50),$session{form}{username});
 		}
 		if ($session{setting}{authMethod} eq "LDAP") {
-			$output .= WebGUI::Form::hidden("identifier1","ldap-password");
-			$output .= WebGUI::Form::hidden("identifier2","ldap-password");
-			$output .= tableFormRow($session{setting}{ldapIdName},WebGUI::Form::text("ldapId",20,100));
-			$output .= tableFormRow($session{setting}{ldapPasswordName},
-				WebGUI::Form::password("ldapPassword",20,100));
+			$f->hidden("identifier1","ldap-password");
+			$f->hidden("identifier2","ldap-password");
+			$f->text("ldapId",$session{setting}{ldapIdName});
+			$f->password("ldapPassword",$session{setting}{ldapPasswordName});
 		} else {
-			$output .= tableFormRow(WebGUI::International::get(51),
-				WebGUI::Form::password("identifier1",20,35));
-			$output .= tableFormRow(WebGUI::International::get(55),
-				WebGUI::Form::password("identifier2",20,35));
+			$f->password("identifier1",WebGUI::International::get(51));
+			$f->password("identifier2",WebGUI::International::get(55));
 		}
-		$output .= tableFormRow(WebGUI::International::get(56),
-			WebGUI::Form::text("email",20,255).'<span class="formSubtext"><br>'.
-			WebGUI::International::get(57).'</span>');
-		%language = WebGUI::SQL->buildHash("select distinct(language) from international");
-		$array[0] = "English";
-		$output .= tableFormRow(WebGUI::International::get(304),
-			WebGUI::Form::selectList("language",\%language,\@array));
-		$output .= formSave();
-		$output .= '</table>';
-		$output .= '</form> ';
+        	$a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory 
+			where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId 
+			order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
+        	while(%data = $a->hash) {
+                	if ($data{required}) {
+                        	$category = eval $data{categoryName};
+                        	if ($category ne $previousCategory) {
+                                	#$f->raw('<tr><td colspan="2" class="tableHeader">'.$category.'</td></tr>');
+                        	}
+                        	$values = eval $data{dataValues};
+                        	$method = $data{dataType};
+                        	$label = eval $data{fieldLabel};
+                        	if ($method eq "select") {
+                                        # note: this big if statement doesn't look elegant, but doing regular
+                                        # ORs caused problems with the array reference.
+                                        if ($session{form}{$data{fieldName}}) {
+                                                $default = [$session{form}{$data{fieldName}}];
+                                        } elsif ($session{user}{$data{fieldName}}) {
+                                                $default = [$session{user}{$data{fieldName}}];
+                                        } else {
+                                                $default = eval $data{dataDefault};
+                                        }
+                                	$f->select($data{fieldName},$values,$label,$default);
+                        	} else {
+                                	$default = $session{form}{$data{fieldName}} 
+						|| $session{user}{$data{fieldName}} 
+						|| eval $data{dataDefault};
+                                	$f->$method($data{fieldName},$label,$default);
+                        	}
+                        	$previousCategory = $category;
+                	}
+       		}
+        	$a->finish;
+		$f->submit;
+		$output .= $f->print;
 		$output .= '<div class="accountOptions"><ul>';
 		$output .= '<li><a href="'.WebGUI::URL::page('op=displayLogin').'">'.
 			WebGUI::International::get(58).'</a>';
@ -133,21 +190,22 @@ sub www_createAccount {

 #-------------------------------------------------------------------
 sub www_createAccountSave {
-        my ($username, $uri, $ldap, $port, %args, $search, $connectDN, $auth, $output, $error, $uid, $registeredUserExpire, $encryptedPassword);
-        if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding} eq "yes") {
+        my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search, 
+		$connectDN, $auth, $output, $error, $uid,  
+		$encryptedPassword, $fieldName);
+        if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
                $username = $session{form}{ldapId};
        } else {
                $username = $session{form}{username};
        }
        if (_hasBadUsername($username)) {
-                $error = WebGUI::International::get(77);
+                $error = '<li>'.WebGUI::International::get(77);
                $error .= ' "'.$username.'too", ';
                $error .= '"'.$username.'2", ';
                $error .= '"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
-                $error .= '<p>';
        }
        if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
-                $error .= WebGUI::International::get(78);
+                $error .= '<li>'.WebGUI::International::get(78);
        }
        if ($session{setting}{authMethod} eq "LDAP") {
                $uri = URI->new($session{setting}{ldapURL});
@ -166,26 +224,34 @@ sub www_createAccountSave {
                        $ldap = Net::LDAP->new($uri->host, %args) or $error .= WebGUI::International::get(79);
                        $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{ldapPassword});
                        if ($auth->code == 48 || $auth->code == 49) {
-                                $error .= WebGUI::International::get(68);
+                                $error .= '<li>'.WebGUI::International::get(68);
                                WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
                        } elsif ($auth->code > 0) {
-                                $error .= 'LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '.WebGUI::International::get(69);
+                                $error .= '<li>LDAP error "'.$ldapStatusCode{$auth->code}.'" occured. '.WebGUI::International::get(69);
                                WebGUI::ErrorHandler::warn("LDAP error: ".$ldapStatusCode{$auth->code});
                        }
                        $ldap->unbind;
                } else {
-                        $error .= WebGUI::International::get(68);
+                        $error .= '<li>'.WebGUI::International::get(68);
                        WebGUI::ErrorHandler::warn("Invalid LDAP information for registration of LDAP ID: ".$session{form}{ldapId});
                }
        }
+	($profile, $temp) = _validateProfileData();
+	$error .= $temp;
        if ($error eq "") {
                $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
-                $uid = getNextId("userId");
-                WebGUI::SQL->write("insert into users (userId,username,identifier,email,authMethod,ldapURL,connectDN,language) values ($uid, ".quote($username).", ".quote($encryptedPassword).", ".quote($session{form}{email}).", ".quote($session{setting}{authMethod}).", ".quote($session{setting}{ldapURL}).", ".quote($connectDN).", ".quote($session{form}{language}).")");
-		($registeredUserExpire) = WebGUI::SQL->quickArray("select expireAfter from groups where groupId=2");
-                WebGUI::SQL->write("insert into groupings values (2,$uid,".(time()+$registeredUserExpire).")");
-                WebGUI::Session::start($uid);
-		_logLogin($uid,"success");
+		$u = WebGUI::User->new("new");
+		$u->username($username);
+		$u->identifier($encryptedPassword);
+		$u->authMethod($session{setting}{authMethod});
+		$u->ldapURL($session{setting}{ldapURL});
+		$u->connectDN($connectDN);
+		foreach $fieldName (keys %{$profile}) {
+			$u->profileField($fieldName,${$profile}{$fieldName});
+		}
+		$u->addToGroups([2]);
+                WebGUI::Session::start($u->userId);
+		_logLogin($u->userId,"success");
        } else {
                $output = "<h1>".WebGUI::International::get(70)."</h1>".$error.www_createAccount();
        }
@ -209,9 +275,10 @@ sub www_deactivateAccount {

 #-------------------------------------------------------------------
 sub www_deactivateAccountConfirm {
+	my ($u);
        if ($session{user}{userId} != 1) {
-                WebGUI::SQL->write("delete from users where userId=$session{user}{userId}");
-                WebGUI::SQL->write("delete from groupings where userId=$session{user}{userId}");
+		$u = WebGUI::User->new($session{user}{userId});
+		$u->delete;
 	        WebGUI::Session::end($session{var}{sessionId});
        }
        return www_displayLogin();
@ -219,38 +286,26 @@ sub www_deactivateAccountConfirm {

 #-------------------------------------------------------------------
 sub www_displayAccount {
-        my ($output, %hash, @array);
+        my ($output, %hash, @array, $f);
 	if ($session{user}{userId} != 1) {
        	$output .= '<h1>'.WebGUI::International::get(61).'</h1>';
-		$output .= formHeader();
-        	$output .= WebGUI::Form::hidden("op","updateAccount");
-        	$output .= '<table>';
-		if ($session{user}{authMethod} eq "LDAP" && $session{setting}{usernameBinding} eq "yes") {
-			$output .= WebGUI::Form::hidden("username",$session{user}{username});
-        		$output .= tableFormRow(WebGUI::International::get(50),$session{user}{username});
+		$f = WebGUI::HTMLForm->new;
+        	$f->hidden("op","updateAccount");
+		if ($session{user}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
+			$f->hidden("username",$session{user}{username});
+        		$f->readOnly($session{user}{username},WebGUI::International::get(50));
 		} else {
-        		$output .= tableFormRow(WebGUI::International::get(50),
-				WebGUI::Form::text("username",20,35,$session{user}{username}));
+        		$f->text("username",WebGUI::International::get(50),$session{user}{username});
 		}
 		if ($session{user}{authMethod} eq "LDAP") {
-        		$output .= WebGUI::Form::hidden("identifier1","password");
-        		$output .= WebGUI::Form::hidden("identifier2","password");
+        		$f->hidden("identifier1","password");
+        		$f->hidden("identifier2","password");
 		} else {
-        		$output .= tableFormRow(WebGUI::International::get(51),
-				WebGUI::Form::password("identifier1",20,35,"password"));
-        		$output .= tableFormRow(WebGUI::International::get(55),
-				WebGUI::Form::password("identifier2",20,35,"password"));
+        		$f->password("identifier1",WebGUI::International::get(51),"password");
+        		$f->password("identifier2",WebGUI::International::get(55),"password");
 		}
-        	$output .= tableFormRow(WebGUI::International::get(56),
-			WebGUI::Form::text("email",20,255,$session{user}{email}).
-			'<span class="formSubtext"><br>'.WebGUI::International::get(57).'</span>');
-		%hash = WebGUI::SQL->buildHash("select distinct(language) from international");
-		$array[0] = $session{user}{language};
-        	$output .= tableFormRow(WebGUI::International::get(304),
-			WebGUI::Form::selectList("language",\%hash,\@array));
-		$output .= formSave();
-        	$output .= '</table>';
-        	$output .= '</form> ';
+		$f->submit;
+		$output .= $f->print;
 		$output .= _accountOptions();
        } else {
                $output .= www_displayLogin();
@ -260,23 +315,19 @@ sub www_displayAccount {

 #-------------------------------------------------------------------
 sub www_displayLogin {
-	my ($output);
+	my ($output, $f);
 	if ($session{var}{sessionId}) {
 		$output .= www_displayAccount();
 	} else {
        	$output .= '<h1>'.WebGUI::International::get(66).'</h1>';
-		$output .= formHeader();
-		$output .= WebGUI::Form::hidden("op","login");
-		$output .= '<table>';
-        	$output .= tableFormRow(WebGUI::International::get(50),
-			WebGUI::Form::text("username",20,35));
-        	$output .= tableFormRow(WebGUI::International::get(51),
-			WebGUI::Form::password("identifier",20,35));
-		$output .= '<tr><td></td><td>'.WebGUI::Form::submit(WebGUI::International::get(52)).'</td></tr>';
-		$output .= '</table>';
-		$output .= '</form>';
+		$f = WebGUI::HTMLForm->new;
+		$f->hidden("op","login");
+        	$f->text("username",WebGUI::International::get(50));
+        	$f->password("identifier",WebGUI::International::get(51));
+		$f->submit(WebGUI::International::get(52));
+		$output .= $f->print;
 		$output .= '<div class="accountOptions"><ul>';
-		if ($session{setting}{anonymousRegistration} eq "yes") {
+		if ($session{setting}{anonymousRegistration}) {
 			$output .= '<li><a href="'.WebGUI::URL::page('op=createAccount').'">'.
 				WebGUI::International::get(67).'</a>';
 		}
@ -291,76 +342,52 @@ sub www_displayLogin {

 #-------------------------------------------------------------------
 sub www_editProfile {
-	my ($output, %gender, @array);
-	%gender = ('neuter'=>WebGUI::International::get(403),'male'=>WebGUI::International::get(339),'female'=>WebGUI::International::get(340));
+	my ($output, $f, $a, %data, $method, $values, $category, $label, $default, $previousCategory, $subtext);
        if ($session{user}{userId} != 1) {
               	$output .= '<h1>'.WebGUI::International::get(338).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editProfileSave");
-                $output .= WebGUI::Form::hidden("uid",$session{user}{userId});
-                $output .= '<table>';
-		if ($session{setting}{profileName}) {
-			$output .= tableFormRow(WebGUI::International::get(314),
-				WebGUI::Form::text("firstName",20,50,$session{user}{firstName}));
-                	$output .= tableFormRow(WebGUI::International::get(315),
-				WebGUI::Form::text("middleName",20,50,$session{user}{middleName}));
-                	$output .= tableFormRow(WebGUI::International::get(316),
-				WebGUI::Form::text("lastName",20,50,$session{user}{lastName}));
-		}
-		if ($session{setting}{profileExtraContact}) {
-                	$output .= tableFormRow(WebGUI::International::get(317),
-				WebGUI::Form::text("icq",20,30,$session{user}{icq}));
-                	$output .= tableFormRow(WebGUI::International::get(318),
-				WebGUI::Form::text("aim",20,30,$session{user}{aim}));
-                	$output .= tableFormRow(WebGUI::International::get(319),
-				WebGUI::Form::text("msnIM",20,30,$session{user}{msnIM}));
-                	$output .= tableFormRow(WebGUI::International::get(320),
-				WebGUI::Form::text("yahooIM",20,30,$session{user}{yahooIM}));
-                	$output .= tableFormRow(WebGUI::International::get(321),
-				WebGUI::Form::text("cellPhone",20,30,$session{user}{cellPhone}));
-                	$output .= tableFormRow(WebGUI::International::get(322),
-				WebGUI::Form::text("pager",20,30,$session{user}{pager}));
-		}
-		if ($session{setting}{profileHome}) {
-                	$output .= tableFormRow(WebGUI::International::get(323),
-				WebGUI::Form::text("homeAddress",20,128,$session{user}{homeAddress}));
-                	$output .= tableFormRow(WebGUI::International::get(324),
-				WebGUI::Form::text("homeCity",20,30,$session{user}{homeCity}));
-                	$output .= tableFormRow(WebGUI::International::get(325),
-				WebGUI::Form::text("homeState",20,30,$session{user}{homeState}));
-                	$output .= tableFormRow(WebGUI::International::get(326),
-				WebGUI::Form::text("homeZip",20,15,$session{user}{homeZip}));
-                	$output .= tableFormRow(WebGUI::International::get(327),
-				WebGUI::Form::text("homeCountry",20,30,$session{user}{homeCountry}));
-                	$output .= tableFormRow(WebGUI::International::get(328),
-				WebGUI::Form::text("homePhone",20,30,$session{user}{homePhone}));
-		}
-		if ($session{setting}{profileWork}) {
-                	$output .= tableFormRow(WebGUI::International::get(329),
-				WebGUI::Form::text("workAddress",20,128,$session{user}{workAddress}));
-                	$output .= tableFormRow(WebGUI::International::get(330),
-				WebGUI::Form::text("workCity",20,30,$session{user}{workCity}));
-                	$output .= tableFormRow(WebGUI::International::get(331),
-				WebGUI::Form::text("workState",20,30,$session{user}{workState}));
-                	$output .= tableFormRow(WebGUI::International::get(332),
-				WebGUI::Form::text("workZip",20,15,$session{user}{workZip}));
-			$output .= tableFormRow(WebGUI::International::get(333),
-				WebGUI::Form::text("workCountry",20,30,$session{user}{workCountry}));
-                	$output .= tableFormRow(WebGUI::International::get(334),
-				WebGUI::Form::text("workPhone",20,30,$session{user}{workPhone}));
-		}
-		if ($session{setting}{profileMisc}) {
-			$array[0] = $session{user}{gender};
-                	$output .= tableFormRow(WebGUI::International::get(335),
-				WebGUI::Form::selectList("gender",\%gender,\@array));
-                	$output .= tableFormRow(WebGUI::International::get(336),
-				WebGUI::Form::text("birthdate",20,30,$session{user}{birthdate}));
-                	$output .= tableFormRow(WebGUI::International::get(337),
-				WebGUI::Form::text("homepage",20,2048,$session{user}{homepage}));
-		}
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form>';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editProfileSave");
+                $f->hidden("uid",$session{user}{userId});
+                $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory
+                        where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
+                        order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
+                while(%data = $a->hash) {
+                        if ($data{visible}) {
+                                $category = eval $data{categoryName};
+                                if ($category ne $previousCategory) {
+                                        $f->raw('<tr><td colspan="2" class="tableHeader">'.$category.'</td></tr>');
+                                }
+                                $values = eval $data{dataValues};
+                                $method = $data{dataType};
+                                $label = eval $data{fieldLabel};
+				if ($data{required}) {
+					$subtext = "*";
+				} else {
+					$subtext = "";
+				}
+                                if ($method eq "select") {
+                                        # note: this big if statement doesn't look elegant, but doing regular
+					# ORs caused problems with the array reference.
+					if ($session{form}{$data{fieldName}}) {
+						$default = [$session{form}{$data{fieldName}}];
+					} elsif ($session{user}{$data{fieldName}}) {
+						$default = [$session{user}{$data{fieldName}}];
+					} else {
+						$default = eval $data{dataDefault};
+					}
+                                        $f->select($data{fieldName},$values,$label,$default,'','','',$subtext);
+                                } else {
+                                        $default = $session{form}{$data{fieldName}}
+                                                || $session{user}{$data{fieldName}}
+                                                || eval $data{dataDefault};
+                                        $f->$method($data{fieldName},$label,$default,'','',$subtext);
+                                }
+                                $previousCategory = $category;
+                        }
+                }
+                $a->finish;
+		$f->submit;
+		$output .= $f->print;
                $output .= _accountOptions();
        } else {
                $output .= www_displayLogin();
@ -370,9 +397,18 @@ sub www_editProfile {

 #-------------------------------------------------------------------
 sub www_editProfileSave {
+	my ($profile, $fieldName, $error, $u);
        if ($session{user}{userId} != 1) {
-		WebGUI::SQL->write("update users set firstName=".quote($session{form}{firstName}).", middleName=".quote($session{form}{middleName}).", lastName=".quote($session{form}{lastName}).", icq=".quote($session{form}{icq}).", aim=".quote($session{form}{aim}).", msnIM=".quote($session{form}{msnIM}).", yahooIM=".quote($session{form}{yahooIM}).", homeAddress=".quote($session{form}{homeAddress}).", homeCity=".quote($session{form}{homeCity}).", homeState=".quote($session{form}{homeState}).", homeZip=".quote($session{form}{homeZip}).", homeCountry=".quote($session{form}{homeCountry}).", homePhone=".quote($session{form}{homePhone}).", workAddress=".quote($session{form}{workAddress}).", workCity=".quote($session{form}{workCity}).", workState=".quote($session{form}{workState}).", workZip=".quote($session{form}{workZip}).", workCountry=".quote($session{form}{workCountry}).", workPhone=".quote($session{form}{workPhone}).", cellPhone=".quote($session{form}{cellPhone}).", pager=".quote($session{form}{pager}).", gender=".quote($session{form}{gender}).", birthdate=".quote($session{form}{birthdate}).", homepage=".quote($session{form}{homepage})." where userId=".$session{form}{uid});
-		return www_displayAccount();
+		($profile, $error) = _validateProfileData();
+        	if ($error eq "") {
+			$u = WebGUI::User->new($session{user}{userId});
+                	foreach $fieldName (keys %{$profile}) {
+                        	$u->profileField($fieldName,${$profile}{$fieldName});
+			}
+			return www_displayAccount();
+                } else {
+			return '<ul>'.$error.'</ul>'.www_editProfile();	
+		}
 	} else {
 		return www_displayLogin();
 	}
@ -380,10 +416,11 @@ sub www_editProfileSave {

 #-------------------------------------------------------------------
 sub www_login {
-	my ($uri, $port, $ldap, %args, $auth, $error, $uid,$pass,$authMethod, $ldapURL, $connectDN, $success);
-	($uid,$pass,$authMethod, $ldapURL, $connectDN) = WebGUI::SQL->quickArray("select userId,identifier,authMethod,ldapURL,connectDN from users where username=".quote($session{form}{username}));
-	if ($authMethod eq "LDAP") {
-                $uri = URI->new($ldapURL);
+	my ($uri, $port, $ldap, %args, $auth, $error, $uid, $success, $u);
+	($uid) = WebGUI::SQL->quickArray("select userId from users where username=".quote($session{form}{username}));
+	$u = WebGUI::User->new($uid);
+	if ($u->authMethod eq "LDAP") {
+                $uri = URI->new($u->ldapURL);
                if ($uri->port < 1) {
                        $port = 389;
                } else {
@ -391,7 +428,7 @@ sub www_login {
                }
                %args = (port => $port);
                $ldap = Net::LDAP->new($uri->host, %args) or $error = WebGUI::International::get(79);
-                $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{identifier});
+                $auth = $ldap->bind(dn=>$u->connectDN, password=>$session{form}{identifier});
                if ($auth->code == 48 || $auth->code == 49) {
 			$error = WebGUI::International::get(68);
 			WebGUI::ErrorHandler::warn("Invalid login for user account: ".$session{form}{username});
@ -406,7 +443,7 @@ sub www_login {
 		}
                $ldap->unbind;
 	} else {
-		if (Digest::MD5::md5_base64($session{form}{identifier}) eq $pass && $session{form}{identifier} ne "") {
+		if (Digest::MD5::md5_base64($session{form}{identifier}) eq $u->identifier && $session{form}{identifier} ne "") {
 			$success = 1;
 		} else {
 			$error = WebGUI::International::get(68);
@ -431,20 +468,18 @@ sub www_logout {

 #-------------------------------------------------------------------
 sub www_recoverPassword {
-	my ($output);
+	my ($output, $f);
        if ($session{var}{sessionId}) {
                $output .= www_displayAccount();
        } else {
                $output .= '<h1>'.WebGUI::International::get(71).'</h1>';
-		$output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","recoverPasswordFinish");
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(56),WebGUI::Form::text("email",20,255));
-                $output .= '<tr><td></td><td>'.WebGUI::Form::submit(WebGUI::International::get(72)).'</td></tr>';
-                $output .= '</table>';
-                $output .= '</form>';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","recoverPasswordFinish");
+                $f->email("email",WebGUI::International::get(56));
+                $f->submit(WebGUI::International::get(72));
+		$output .= $f->print;
                $output .= '<div class="accountOptions"><ul>';
-		if ($session{setting}{anonymousRegistration} eq "yes") {
+		if ($session{setting}{anonymousRegistration}) {
 			$output .= '<li><a href="'.WebGUI::URL::page('op=createAccount').'">'.
 				WebGUI::International::get(67).'</a>';
 		}
@ -458,7 +493,9 @@ sub www_recoverPassword {
 #-------------------------------------------------------------------
 sub www_recoverPasswordFinish {
 	my ($sth, $username, $encryptedPassword, $userId, $password, $flag, $message, $output);
-	$sth = WebGUI::SQL->read("select username, userId from users where email=".quote($session{form}{email}));
+	$sth = WebGUI::SQL->read("select users.username, users.userId from users, userProfileData 
+		where users.userId=userProfileData.userId and userProfileData.fieldName='email' 
+		and fieldData=".quote($session{form}{email}));
 	while (($username,$userId) = $sth->array) {
 	        foreach (0,1,2,3,4,5) {
        	        $password .= chr(ord('A') + randint(32));
@ -484,7 +521,7 @@ sub www_recoverPasswordFinish {

 #-------------------------------------------------------------------
 sub www_updateAccount {
-        my ($output, $error, $encryptedPassword, $passwordStatement);
+        my ($output, $error, $encryptedPassword, $passwordStatement, $u);
        if ($session{var}{sessionId}) {
        	if (_hasBadUsername($session{form}{username})) {
                	$error = WebGUI::International::get(77);
@ -502,14 +539,15 @@ sub www_updateAccount {
 			}
 		}
        	if ($error eq "") {
+			$u = WebGUI::User->new($session{user}{userId});
                	$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
-                	WebGUI::SQL->write("update users set username=".quote($session{form}{username}).$passwordStatement.", email=".quote($session{form}{email}).", language=".quote($session{form}{language})." where userId=".$session{user}{userId});
+			$u->identifier($encryptedPassword);
+			$u->username($session{form}{username});
                	$output .= WebGUI::International::get(81).'<p>';
-                	$output .= www_displayAccount();
        	} else {
                	$output = $error;
-                	$output .= www_createAccount();
        	}
+                $output .= www_displayAccount();
 	} else {
 		$output .= www_displayLogin();
 	}
@ -555,69 +593,35 @@ sub www_viewMessageLog {

 #-------------------------------------------------------------------
 sub www_viewProfile {
-        my ($output, %user, %gender);
+        my ($a, %data, $category, $label, $value, $previousCategory, $output, $u, %gender);
 	%gender = ('neuter'=>WebGUI::International::get(403),'male'=>WebGUI::International::get(339),'female'=>WebGUI::International::get(340));
-	%user = WebGUI::SQL->quickHash("select * from users where userId='$session{form}{uid}'");
-	if ($user{username} eq "") {
+	$u = WebGUI::User->new($session{form}{uid});
+	if ($u->username eq "") {
 		WebGUI::Privilege::notMember();
        } elsif ($session{user}{userId} != 1) {
-                $output .= '<h1>'.WebGUI::International::get(347).' '.$user{username}.'</h1>';
+                $output .= '<h1>'.WebGUI::International::get(347).' '.$u->username.'</h1>';
                $output .= '<table>';
-		if ($user{email} ne "") {
-                	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(56).'</td><td class="tableData"><a href="mailto:'.$user{email}.'">'.$user{email}.'</a></td></tr>';
-		}
-                if ($session{setting}{profileName}) {
-			if ($user{firstName} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(348).'</td><td class="tableData">'.$user{firstName}.' '.$user{middleName}.' '.$user{lastName}.'</td></tr>';
-			}
-                }
-                if ($session{setting}{profileExtraContact}) {
-			if ($user{icq} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(317).'</td><td class="tableData">'.$user{icq}.'</td></tr>';
-			}
-			if ($user{aim} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(318).'</td><td class="tableData">'.$user{aim}.'</td></tr>';
-			}
-			if ($user{msnIM} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(319).'</td><td class="tableData">'.$user{msnIM}.'</td></tr>';
-			}
-			if ($user{yahooIM} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(320).'</td><td class="tableData">'.$user{yahooIM}.'</td></tr>';
-			}
-			if ($user{cellPhone} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(321).'</td><td class="tableData">'.$user{cellPhone}.'</td></tr>';
-			}
-			if ($user{pager} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(322).'</td><td class="tableData">'.$user{pager}.'</td></tr>';
-			}
-                }
-                if ($session{setting}{profileHome}) {
-			if ($user{homeAddress} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(323).'</td><td class="tableData">'.$user{homeAddress}.'<br>'.$user{homeCity}.', '.$user{homeState}.' '.$user{homeZip}.' '.$user{homeCountry}.'</td></tr>';
-			}
-			if ($user{homePhone} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(328).'</td><td class="tableData">'.$user{homePhone}.'</td></tr>';
-			}
-                }
-                if ($session{setting}{profileWork}) {
-			if ($user{workAddress} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(329).'</td><td class="tableData">'.$user{workAddress}.'<br>'.$user{workCity}.', '.$user{workState}.' '.$user{workZip}.' '.$user{workCountry}.'</td></tr>';
-			}
-			if ($user{workPhone} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(334).'</td><td class="tableData">'.$user{workPhone}.'</td></tr>';
-			}
-                }
-                if ($session{setting}{profileMisc}) {
-			if ($user{gender} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(335).'</td><td class="tableData">'.$gender{$user{gender}}.'</td></tr>';
-			}
-			if ($user{birthdate} ne "") {
-                        	$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(336).'</td><td class="tableData">'.$user{birthdate}.'</td></tr>';
-			}
-			if ($user{homepage} ne "") {
-				$output .= '<tr><td class="tableHeader" valign="top">'.WebGUI::International::get(337).'</td><td class="tableData"><a href="'.$user{homepage}.'">'.$user{homepage}.'</a></td></tr>';
+                $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory
+                        where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
+			and userProfileCategory.profileCategoryId<>4
+			and userProfileField.visible=1
+                        order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
+                while (%data = $a->hash) {
+                	$category = eval $data{categoryName};
+                        if ($category ne $previousCategory) {
+                        	$output .= '<tr><td colspan="2" class="tableHeader">'.$category.'</td></tr>';
+                        }
+                        $label = eval $data{fieldLabel};
+			if ($data{dataValues}) {
+				$value = eval $data{dataValues};
+				$value = ${$value}{$u->profileField($data{fieldName})};
+			} else {
+				$value = $u->profileField($data{fieldName});
 			}
+			$output .= '<tr><td class="tableHeader">'.$label.'</td><td class="tableData">'.$value.'</td></tr>';
+                        $previousCategory = $category;
                }
+                $a->finish;
                $output .= '</table>';
 		if ($session{user}{userId} == $session{form}{uid}) {
                	$output .= _accountOptions();
--- a/lib/WebGUI/Operation/Page.pm
+++ b/lib/WebGUI/Operation/Page.pm
@ -23,7 +23,7 @@ use WebGUI::URL;
 use WebGUI::Utility;

 our @ISA = qw(Exporter);
-our @EXPORT = qw(&www_movePageUp &www_movePageDown &www_addPage &www_addPageSave &www_cutPage &www_deletePage &www_deletePageConfirm &www_editPage &www_editPageSave &www_pastePage);
+our @EXPORT = qw(&www_viewPageTree &www_movePageUp &www_movePageDown &www_addPage &www_addPageSave &www_cutPage &www_deletePage &www_deletePageConfirm &www_editPage &www_editPageSave &www_pastePage);

 #-------------------------------------------------------------------
 sub _recursivelyChangePrivileges {
@ -52,12 +52,38 @@ sub _reorderPages {
        my ($sth, $i, $pid);
        $sth = WebGUI::SQL->read("select pageId from page where parentId=$_[0] order by sequenceNumber");
        while (($pid) = $sth->array) {
-                WebGUI::SQL->write("update page set sequenceNumber='$i' where pageId=$pid");
                $i++;
+                WebGUI::SQL->write("update page set sequenceNumber='$i' where pageId=$pid");
        }
        $sth->finish;
 }

+#-------------------------------------------------------------------
+sub _traversePageTree {
+        my ($a, $b, %page, %widget, $output, $depth, $i, $spacer);
+	tie %page, 'Tie::CPHash';
+	tie %widget, 'Tie::CPHash';
+        $spacer = '<img src="'.$session{setting}{lib}.'/spacer.gif" width=12>';
+        for ($i=1;$i<=$_[1];$i++) {
+                $depth .= $spacer;
+        }
+        $a = WebGUI::SQL->read("select * from page where (pageId<2 or pageId>25) and parentId='$_[0]' order by sequenceNumber");
+        while (%page = $a->hash) {
+                $output .= $depth.'<img src="'.$session{setting}{lib}.'/page.gif" align="middle">'.
+			' <a href="'.WebGUI::URL::gateway($page{urlizedTitle}).'">'.$page{title}.'</a><br>';
+		$b = WebGUI::SQL->read("select * from widget where pageId=$page{pageId}");
+		while (%widget = $b->hash) {
+                	$output .= $depth.$spacer.
+				'<img src="'.$session{setting}{lib}.'/widget.gif"> '.
+				$widget{title}.'<br>';
+		}
+		$b->finish;
+                $output .= _traversePageTree($page{pageId},$_[1]+1);
+        }
+        $a->finish;
+        return $output;
+}
+
 #-------------------------------------------------------------------
 sub www_addPage {
 	my ($output, @array, %hash);
@ -111,7 +137,7 @@ sub www_addPageSave {
 		} else {
 			$menuTitle = $session{form}{menuTitle};
 		}
-		$urlizedTitle = WebGUI::URL::makeUnique(WebGUI::URL::urlize($session{form}{title}));
+		$urlizedTitle = WebGUI::URL::makeUnique(WebGUI::URL::urlize($menuTitle));
 		WebGUI::SQL->write("insert into page values (".getNextId("pageId").", $parentId, ".quote($session{form}{title}).", $session{page}{styleId}, $session{user}{userId}, $session{page}{ownerView}, $session{page}{ownerEdit}, $session{page}{groupId}, $session{page}{groupView}, $session{page}{groupEdit}, $session{page}{worldView}, $session{page}{worldEdit}, '$nextSeq', ".quote($session{form}{metaTags}).", '$urlizedTitle', '$session{form}{defaultMetaTags}', '$session{form}{template}', ".quote($menuTitle).", ".quote($session{form}{synopsis}).")");
 		return "";
 	} else {
@ -244,9 +270,9 @@ sub www_editPageSave {
                        $session{form}{title} = "no title";
                }
 		$urlizedTitle = WebGUI::URL::makeUnique(
-			WebGUI::URL::urlize($session{form}{urlizedTitle}),
-			$session{page}{pageId}
-			);
+                        WebGUI::URL::urlize($session{form}{urlizedTitle}),
+                        $session{page}{pageId}
+                        );
                WebGUI::SQL->write("update page set title=".quote($session{form}{title}).", styleId=$session{form}{styleId}, ownerId=$session{form}{ownerId}, ownerView=$session{form}{ownerView}, ownerEdit=$session{form}{ownerEdit}, groupId='$session{form}{groupId}', groupView=$session{form}{groupView}, groupEdit=$session{form}{groupEdit}, worldView=$session{form}{worldView}, worldEdit=$session{form}{worldEdit}, metaTags=".quote($session{form}{metaTags}).", urlizedTitle='$urlizedTitle', defaultMetaTags='$session{form}{defaultMetaTags}', template='$session{form}{template}', menuTitle=".quote($session{form}{menuTitle}).", synopsis=".quote($session{form}{synopsis})." where pageId=$session{page}{pageId}");
 		if ($session{form}{recurseStyle} eq "yes") {
 			_recursivelyChangeStyle($session{page}{pageId});
@ -296,8 +322,8 @@ sub www_movePageUp {
 #-------------------------------------------------------------------
 sub www_pastePage {
        my ($output, $nextSeq);
-		($nextSeq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=$session{page}{pageId}");
-		$nextSeq += 1;
+	($nextSeq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=$session{page}{pageId}");
+	$nextSeq += 1;
        if (WebGUI::Privilege::canEditPage()) {
                WebGUI::SQL->write("update page set parentId=$session{page}{pageId}, sequenceNumber='$nextSeq' where pageId=$session{form}{pageId}");
 		_reorderPages($session{page}{pageId});
@ -307,6 +333,13 @@ sub www_pastePage {
        }
 }

+#-------------------------------------------------------------------
+sub www_viewPageTree {
+	my ($output);
+	$output = '<h1>'.WebGUI::International::get(448).'</h1>';
+	$output .= _traversePageTree(0,0);
+	return $output;
+}

 1;

--- a/lib/WebGUI/Operation/ProfileSettings.pm
+++ b/lib/WebGUI/Operation/ProfileSettings.pm
@ -0,0 +1,363 @@
+package WebGUI::Operation::ProfileSettings;
+
+#-------------------------------------------------------------------
+# WebGUI is Copyright 2001-2002 Plain Black Software.
+#-------------------------------------------------------------------
+# Please read the legal notices (docs/legal.txt) and the license
+# (docs/license.txt) that came with this distribution before using
+# this software.
+#-------------------------------------------------------------------
+# http://www.plainblack.com                     info@plainblack.com
+#-------------------------------------------------------------------
+
+use Exporter;
+use strict;
+use Tie::CPHash;
+use Tie::IxHash;
+use WebGUI::HTMLForm;
+use WebGUI::Icon;
+use WebGUI::International;
+use WebGUI::Privilege;
+use WebGUI::Session;
+use WebGUI::SQL;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw(&www_deleteProfileCategoryConfirm &www_deleteProfileFieldConfirm &www_editProfileCategorySave &www_editProfileFieldSave &www_deleteProfileCategory &www_deleteProfileField &www_editProfileCategory &www_editProfileField &www_moveProfileCategoryDown &www_moveProfileCategoryUp &www_moveProfileFieldDown &www_moveProfileFieldUp &www_editProfileSettings);
+
+#-------------------------------------------------------------------
+sub _reorderCategories {
+        my ($sth, $i, $id);
+        $sth = WebGUI::SQL->read("select profileCategoryId from userProfileCategory order by sequenceNumber");
+        while (($id) = $sth->array) {
+                $i++;
+                WebGUI::SQL->write("update userProfileCategory set sequenceNumber='$i' where profileCategoryId=$id");
+        }
+        $sth->finish;
+}
+
+#-------------------------------------------------------------------
+sub _reorderFields {
+        my ($sth, $i, $id);
+        $sth = WebGUI::SQL->read("select fieldName from userProfileField where profileCategoryId=".quote($_[0])." order by sequenceNumber");
+        while (($id) = $sth->array) {
+                $i++;
+                WebGUI::SQL->write("update userProfileField set sequenceNumber='$i' where fieldName=".quote($id));
+        }
+        $sth->finish;
+}
+
+#-------------------------------------------------------------------
+sub _subMenu {
+	my ($output);
+	$output = '<table width="100%"><tr><td class="tableData" valign="top">';
+        $output .= $_[0];
+        $output .= '</td><td class="tableMenu" valign="top">';
+        $output .= '<li><a href="'.WebGUI::URL::page("op=editProfileCategory").'">'.WebGUI::International::get(490).'</a>';
+        $output .= '<li><a href="'.WebGUI::URL::page("op=editProfileField").'">'.WebGUI::International::get(491).'</a>';
+        $output .= '<li><a href="'.WebGUI::URL::page("op=editProfileSettings").'">'.WebGUI::International::get(492).'</a>';
+        $output .= '<li><a href="'.WebGUI::URL::page().'">'.WebGUI::International::get(493).'</a>';
+        $output .= '</td></tr></table>';
+	return $output;
+}
+
+#-------------------------------------------------------------------
+sub www_deleteProfileCategory {
+        my ($output);
+        if ($session{form}{cid} < 100) {
+                return WebGUI::Privilege::vitalComponent();
+        } elsif (WebGUI::Privilege::isInGroup(3)) {
+                $output = '<h1>'.WebGUI::International::get(42).'</h1>';
+                $output .= WebGUI::International::get(466).'<p>';
+                $output .= '<div align="center"><a href="'.
+                        WebGUI::URL::page('op=deleteProfileCategoryConfirm&cid='.$session{form}{cid}).
+                        '">'.WebGUI::International::get(44).'</a>';
+                $output .= '&nbsp;&nbsp;&nbsp;&nbsp;<a href="'.WebGUI::URL::page('op=editProfileSettings').'">'.
+                        WebGUI::International::get(45).'</a></div>';
+		return _subMenu($output);
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_deleteProfileCategoryConfirm {
+        if ($session{form}{cid} < 100) {
+                return WebGUI::Privilege::vitalComponent();
+        } elsif (WebGUI::Privilege::isInGroup(3)) {
+		WebGUI::SQL->write("delete from userProfileCategory where profileCategoryId=$session{form}{cid}");
+		WebGUI::SQL->write("update userProfileField set profileCategoryId=1 where profileCategoryId=$session{form}{cid}");
+                return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_deleteProfileField {
+        my ($output,$protected);
+	($protected) = WebGUI::SQL->quickArray("select protected from userProfileField where fieldname=".quote($session{form}{fid}));
+        if ($protected) {
+                return WebGUI::Privilege::vitalComponent();
+        } elsif (WebGUI::Privilege::isInGroup(3)) {
+                $output = '<h1>'.WebGUI::International::get(42).'</h1>';
+                $output .= WebGUI::International::get(467).'<p>';
+                $output .= '<div align="center"><a href="'.
+                        WebGUI::URL::page('op=deleteProfileFieldConfirm&fid='.$session{form}{fid}).
+                        '">'.WebGUI::International::get(44).'</a>';
+                $output .= '&nbsp;&nbsp;&nbsp;&nbsp;<a href="'.WebGUI::URL::page('op=editProfileSettings').'">'.
+                        WebGUI::International::get(45).'</a></div>';
+		return _subMenu($output);
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_deleteProfileFieldConfirm {
+	my ($protected);
+	($protected) = WebGUI::SQL->quickArray("select protected from userProfileField where fieldname=".quote($session{form}{fid}));
+        if ($protected) {
+                return WebGUI::Privilege::vitalComponent();
+        } elsif (WebGUI::Privilege::isInGroup(3)) {
+		WebGUI::SQL->write("delete from userProfileField where fieldName=".quote($session{form}{fid}));
+		WebGUI::SQL->write("delete from userProfileData where fieldName=".quote($session{form}{fid}));
+                return www_editProfileSettings(); 
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editProfileCategory {
+	my ($output, $f, %data);
+	tie %data, 'Tie::CPHash';
+	if (WebGUI::Privilege::isInGroup(3)) {
+		$output = '<h1>'.WebGUI::International::get(468).'</h1>';
+		$f = WebGUI::HTMLForm->new;
+		$f->hidden("op","editProfileCategorySave");
+		if ($session{form}{cid}) {
+			$f->hidden("cid",$session{form}{cid});
+			$f->readOnly($session{form}{cid},WebGUI::International::get(469));
+			%data = WebGUI::SQL->quickHash("select * from userProfileCategory where profileCategoryId=$session{form}{cid}");
+		} else {
+                        $f->hidden("cid","new");
+		}
+		$f->text("categoryName",WebGUI::International::get(470),$data{categoryName});
+		$f->submit;
+		$output .= $f->print;
+		return _subMenu($output);
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editProfileCategorySave {
+	my ($categoryId, $sequenceNumber);
+        if (WebGUI::Privilege::isInGroup(3)) {
+		if ($session{form}{cid} eq "new") {
+			$categoryId = getNextId("profileCategoryId");
+			($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from userProfileCategory");
+			WebGUI::SQL->write("insert into userProfileCategory values ($categoryId, ".quote($session{form}{categoryName}).",
+				".($sequenceNumber+1).")");
+		} else {
+			WebGUI::SQL->write("update userProfileCategory set categoryName=".quote($session{form}{categoryName})." where
+				profileCategoryId=$session{form}{cid}");
+		}
+		return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editProfileField {
+	my ($output, $f, %data, %hash, $key);
+	tie %data, 'Tie::CPHash';
+        if (WebGUI::Privilege::isInGroup(3)) {
+                $output = '<h1>'.WebGUI::International::get(471).'</h1>';
+                $f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editProfileFieldSave");
+		if ($session{form}{fid}) {
+                	$f->hidden("fid",$session{form}{fid});
+			$f->readOnly($session{form}{fid},WebGUI::International::get(470));
+			%data = WebGUI::SQL->quickHash("select * from userProfileField where fieldName=".quote($session{form}{fid}));
+		} else {
+                	$f->hidden("new",1);
+                	$f->text("fid",WebGUI::International::get(470));
+		}
+		$f->text("fieldLabel",WebGUI::International::get(472),$data{fieldLabel});
+		$f->checkbox("visible",WebGUI::International::get(473),$data{visible});
+		$f->checkbox("required",WebGUI::International::get(474),$data{required});
+		tie %hash, 'Tie::IxHash';
+		%hash = (	'text'=>WebGUI::International::get(475), 
+				'textarea'=>WebGUI::International::get(476), 
+				'HTMLArea'=>WebGUI::International::get(477), 
+				'url'=>WebGUI::International::get(478), 
+				'date'=>WebGUI::International::get(479), 
+				'email'=>WebGUI::International::get(480),
+				'phone'=>WebGUI::International::get(481),
+				'integer'=>WebGUI::International::get(482),
+				'yesNo'=>WebGUI::International::get(483),
+				'select'=>WebGUI::International::get(484),
+				'checkbox'=>WebGUI::International::get(485)
+			);
+		$f->select("dataType",\%hash,WebGUI::International::get(486),[$data{dataType}]);
+		$f->textarea("dataValues",WebGUI::International::get(487),$data{dataValues});
+		$f->textarea("dataDefault",WebGUI::International::get(488),$data{dataDefault});
+		tie %hash, 'Tie::CPHash';
+		%hash = WebGUI::SQL->buildHash("select profileCategoryId,categoryName from userProfileCategory order by categoryName");
+		foreach $key (keys %hash) {
+			$hash{$key} = eval $hash{$key};
+		}
+		$f->select("profileCategoryId",\%hash,WebGUI::International::get(489),[$data{profileCategoryId}]);
+                $f->submit;
+                $output .= $f->print;
+		return _subMenu($output);
+	} else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editProfileFieldSave {
+	my ($sequenceNumber, $fieldName);
+        if (WebGUI::Privilege::isInGroup(3)) {
+		if ($session{form}{new}) {
+			($fieldName) = WebGUI::SQL->quickArray("select count(*) from userProfileField 
+				where fieldName=".quote($session{form}{fid}));
+			if ($fieldName) {
+				$session{form}{fid} .= '2';	
+			}
+			($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) 
+				from userProfileField where profileCategoryId=$session{form}{profileCategoryId}");
+			WebGUI::SQL->write("insert into userProfileField (fieldName, sequenceNumber, protected)
+				values (".quote($session{form}{fid}).", ".($sequenceNumber+1).", 0)");
+		}
+		WebGUI::SQL->write("update userProfileField set
+			fieldLabel=".quote($session{form}{fieldLabel}).",
+			visible='$session{form}{visible}',
+			required='$session{form}{required}',
+			dataType=".quote($session{form}{dataType}).",
+			dataValues=".quote($session{form}{dataValues}).",
+			dataDefault=".quote($session{form}{dataDefault}).",
+			profileCategoryId=".quote($session{form}{profileCategoryId})."
+			where fieldName=".quote($session{form}{fid}));
+		return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editProfileSettings {
+	my ($output, $a, %category, %field, $b);
+	tie %category, 'Tie::CPHash';
+	tie %field, 'Tie::CPHash';
+	if (WebGUI::Privilege::isInGroup(3)) {
+		$output = helpIcon(22);
+		$output .= '<h1>'.WebGUI::International::get(308).'</h1>';
+		$a = WebGUI::SQL->read("select * from userProfileCategory order by sequenceNumber");
+		while (%category = $a->hash) {
+			$output .= deleteIcon('op=deleteProfileCategory&cid='.$category{profileCategoryId}); 
+			$output .= editIcon('op=editProfileCategory&cid='.$category{profileCategoryId}); 
+			$output .= moveUpIcon('op=moveProfileCategoryUp&cid='.$category{profileCategoryId}); 
+			$output .= moveDownIcon('op=moveProfileCategoryDown&cid='.$category{profileCategoryId}); 
+			$output .= ' <b>';
+			$output .= eval $category{categoryName};
+			$output .= '</b><br>';
+			$b = WebGUI::SQL->read("select * from userProfileField where 
+				profileCategoryId=$category{profileCategoryId} order by sequenceNumber");
+			while (%field = $b->hash) {
+				$output .= '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
+	                        $output .= deleteIcon('op=deleteProfileField&fid='.$field{fieldName});
+        	                $output .= editIcon('op=editProfileField&fid='.$field{fieldName});
+                	        $output .= moveUpIcon('op=moveProfileFieldUp&fid='.$field{fieldName});
+                        	$output .= moveDownIcon('op=moveProfileFieldDown&fid='.$field{fieldName});
+                        	$output .= ' ';
+				$output .= eval $field{fieldLabel};
+				$output .= '<br>';
+			}
+			$b->finish;
+		}
+		$a->finish;
+		return _subMenu($output);
+	} else {
+		return WebGUI::Privilege::adminOnly();
+	}
+}
+
+#-------------------------------------------------------------------
+sub www_moveProfileCategoryDown {
+        my ($id, $thisSeq);
+        if (WebGUI::Privilege::isInGroup(3)) {
+                ($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from userProfileCategory where profileCategoryId=$session{form}{cid}");
+                ($id) = WebGUI::SQL->quickArray("select profileCategoryId from userProfileCategory where sequenceNumber=$thisSeq+1");
+                if ($id ne "") {
+                        WebGUI::SQL->write("update userProfileCategory set sequenceNumber=sequenceNumber+1 where profileCategoryId=$session{form}{cid}");
+                        WebGUI::SQL->write("update userProfileCategory set sequenceNumber=sequenceNumber-1 where profileCategoryId=$id");
+                        _reorderCategories();
+                }
+                return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_moveProfileCategoryUp {
+        my ($id, $thisSeq);
+        if (WebGUI::Privilege::isInGroup(3)) {
+                ($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from userProfileCategory where profileCategoryId=$session{form}{cid}");
+                ($id) = WebGUI::SQL->quickArray("select profileCategoryId from userProfileCategory where sequenceNumber=$thisSeq-1");
+                if ($id ne "") {
+                        WebGUI::SQL->write("update userProfileCategory set sequenceNumber=sequenceNumber-1 where profileCategoryId=$session{form}{cid}");
+                        WebGUI::SQL->write("update userProfileCategory set sequenceNumber=sequenceNumber+1 where profileCategoryId=$id");
+                        _reorderCategories();
+                }
+                return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_moveProfileFieldDown {
+        my ($id, $thisSeq, $profileCategoryId);
+        if (WebGUI::Privilege::isInGroup(3)) {
+                ($thisSeq,$profileCategoryId) = WebGUI::SQL->quickArray("select sequenceNumber,profileCategoryId from userProfileField where fieldName=".quote($session{form}{fid}));
+                ($id) = WebGUI::SQL->quickArray("select fieldName from userProfileField where profileCategoryId=$profileCategoryId and sequenceNumber=$thisSeq+1");
+                if ($id ne "") {
+                        WebGUI::SQL->write("update userProfileField set sequenceNumber=sequenceNumber+1 where fieldName=".quote($session{form}{fid}));
+                        WebGUI::SQL->write("update userProfileField set sequenceNumber=sequenceNumber-1 where fieldName=".quote($id));
+                        _reorderFields($profileCategoryId);
+                }
+                return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_moveProfileFieldUp {
+        my ($id, $thisSeq, $profileCategoryId);
+        if (WebGUI::Privilege::isInGroup(3)) {
+                ($thisSeq,$profileCategoryId) = WebGUI::SQL->quickArray("select sequenceNumber,profileCategoryId from userProfileField where fieldName=".quote($session{form}{fid}));
+                ($id) = WebGUI::SQL->quickArray("select fieldName from userProfileField where profileCategoryId=$profileCategoryId and sequenceNumber=$thisSeq-1");
+                if ($id ne "") {
+                        WebGUI::SQL->write("update userProfileField set sequenceNumber=sequenceNumber-1 where fieldName=".quote($session{form}{fid}));
+                        WebGUI::SQL->write("update userProfileField set sequenceNumber=sequenceNumber+1 where fieldName=".quote($id));
+                        _reorderFields($profileCategoryId);
+                }
+                return www_editProfileSettings();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+
+
+
+
+1;
+
--- a/lib/WebGUI/Operation/Settings.pm
+++ b/lib/WebGUI/Operation/Settings.pm
@ -12,41 +12,40 @@ package WebGUI::Operation::Settings;

 use Exporter;
 use strict;
-use WebGUI::Form;
+use WebGUI::HTMLForm;
+use WebGUI::Icon;
 use WebGUI::International;
 use WebGUI::Privilege;
 use WebGUI::Session;
-use WebGUI::Shortcut;
 use WebGUI::SQL;
 use WebGUI::URL;

 our @ISA = qw(Exporter);
-our @EXPORT = qw(&www_editProfileSettings &www_editProfileSettingsSave &www_editAuthenticationSettings &www_editAuthenticationSettingsSave &www_editCompanyInformation &www_editCompanyInformationSave &www_editFileSettings &www_editFileSettingsSave &www_editMailSettings &www_editMailSettingsSave &www_editMiscSettings &www_editMiscSettingsSave &www_manageSettings);
+our @EXPORT = qw(&www_editAuthenticationSettings &www_editAuthenticationSettingsSave &www_editCompanyInformation &www_editCompanyInformationSave &www_editFileSettings &www_editFileSettingsSave &www_editMailSettings &www_editMailSettingsSave &www_editMiscSettings &www_editMiscSettingsSave &www_manageSettings);
+
+#-------------------------------------------------------------------
+sub _saveSetting {
+	WebGUI::SQL->write("update settings set value=".quote($session{form}{$_[0]})." where name='$_[0]'");
+}

 #-------------------------------------------------------------------
 sub www_editAuthenticationSettings {
-        my ($output, %authMethod, @array, %yesNo);
+        my ($output, %authMethod, $f);
        %authMethod = ('WebGUI'=>'WebGUI', 'LDAP'=>'LDAP');
-        %yesNo = ('yes'=>WebGUI::International::get(138), 'no'=>WebGUI::International::get(139));
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(2);
+                $output .= helpIcon(2);
                $output .= '<h1>'.WebGUI::International::get(117).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editAuthenticationSettingsSave");
-                $output .= '<table>';
-                $array[0] = $session{setting}{anonymousRegistration};
-                $output .= tableFormRow(WebGUI::International::get(118),WebGUI::Form::selectList("anonymousRegistration",\%yesNo, \@array));
-                $array[0] = $session{setting}{authMethod};
-                $output .= tableFormRow(WebGUI::International::get(119),WebGUI::Form::selectList("authMethod",\%authMethod, \@array));
-                $array[0] = $session{setting}{usernameBinding};
-                $output .= tableFormRow(WebGUI::International::get(306),WebGUI::Form::selectList("usernameBinding",\%yesNo, \@array));
-                $output .= tableFormRow(WebGUI::International::get(120),WebGUI::Form::text("ldapURL",30,2048,$session{setting}{ldapURL}));
-                $output .= tableFormRow(WebGUI::International::get(121),WebGUI::Form::text("ldapId",30,100,$session{setting}{ldapId}));
-                $output .= tableFormRow(WebGUI::International::get(122),WebGUI::Form::text("ldapIdName",30,100,$session{setting}{ldapIdName}));
-                $output .= tableFormRow(WebGUI::International::get(123),WebGUI::Form::text("ldapPasswordName",30,100,$session{setting}{ldapPasswordName}));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editAuthenticationSettingsSave");
+                $f->select("anonymousRegistration",WebGUI::International::get(118),$session{setting}{anonymousRegistration});
+                $f->select("authMethod",\%authMethod,WebGUI::International::get(119),[$session{setting}{authMethod}]);
+                $f->yesNo("usernameBinding",WebGUI::International::get(306),$session{setting}{usernameBinding});
+                $f->url("ldapURL",WebGUI::International::get(120),$session{setting}{ldapURL});
+                $f->text("ldapId",WebGUI::International::get(121),$session{setting}{ldapId});
+                $f->text("ldapIdName",WebGUI::International::get(122),$session{setting}{ldapIdName});
+                $f->text("ldapPasswordName",WebGUI::International::get(123),$session{setting}{ldapPasswordName});
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -56,13 +55,13 @@ sub www_editAuthenticationSettings {
 #-------------------------------------------------------------------
 sub www_editAuthenticationSettingsSave {
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{authMethod})." where name='authMethod'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{ldapURL})." where name='ldapURL'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{ldapId})." where name='ldapId'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{ldapIdName})." where name='ldapIdName'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{ldapPasswordName})." where name='ldapPasswordName'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{anonymousRegistration})." where name='anonymousRegistration'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{usernameBinding})." where name='usernameBinding'");
+		_saveSetting("authMethod");
+		_saveSetting("ldapURL");
+		_saveSetting("ldapId");
+		_saveSetting("ldapIdName");
+		_saveSetting("ldapPasswordName");
+		_saveSetting("anonymousRegistration");
+		_saveSetting("usernameBinding");
                return www_manageSettings();
        } else {
                return WebGUI::Privilege::adminOnly();
@ -71,19 +70,17 @@ sub www_editAuthenticationSettingsSave {

 #-------------------------------------------------------------------
 sub www_editCompanyInformation {
-        my ($output);
+        my ($output, $f);
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(6);
+                $output .= helpIcon(6);
 		$output .= '<h1>'.WebGUI::International::get(124).'</h1>';
-		$output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editCompanyInformationSave");
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(125),WebGUI::Form::text("companyName",30,255,$session{setting}{companyName}));
-                $output .= tableFormRow(WebGUI::International::get(126),WebGUI::Form::text("companyEmail",30,255,$session{setting}{companyEmail}));
-                $output .= tableFormRow(WebGUI::International::get(127),WebGUI::Form::text("companyURL",30,2048,$session{setting}{companyURL}));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editCompanyInformationSave");
+                $f->text("companyName",WebGUI::International::get(125),$session{setting}{companyName});
+                $f->email("companyEmail",WebGUI::International::get(126),$session{setting}{companyEmail});
+                $f->url("companyURL",WebGUI::International::get(127),$session{setting}{companyURL});
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -93,9 +90,9 @@ sub www_editCompanyInformation {
 #-------------------------------------------------------------------
 sub www_editCompanyInformationSave {
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{companyName})." where name='companyName'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{companyEmail})." where name='companyEmail'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{companyURL})." where name='companyURL'");
+		_saveSetting("companyName");
+		_saveSetting("companyEmail");
+		_saveSetting("companyURL");
                return www_manageSettings(); 
        } else {
                return WebGUI::Privilege::adminOnly();
@ -104,26 +101,19 @@ sub www_editCompanyInformationSave {

 #-------------------------------------------------------------------
 sub www_editFileSettings {
-        my ($output);
+        my ($output, $f);
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(11);
+                $output .= helpIcon(11);
 		$output .= '<h1>'.WebGUI::International::get(128).'</h1>';
-		$output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editFileSettingsSave");
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(129),
-			WebGUI::Form::text("lib",30,255,$session{setting}{lib}));
-                $output .= tableFormRow(WebGUI::International::get(130),
-			WebGUI::Form::text("maxAttachmentSize",30,11,$session{setting}{maxAttachmentSize}));
-                $output .= tableFormRow(WebGUI::International::get(406),
-			WebGUI::Form::text("thumbnailSize",30,3,$session{setting}{thumbnailSize}));
-                $output .= tableFormRow(WebGUI::International::get(131),
-			WebGUI::Form::text("attachmentDirectoryWeb",30,255,$session{setting}{attachmentDirectoryWeb}));
-                $output .= tableFormRow(WebGUI::International::get(132),
-			WebGUI::Form::text("attachmentDirectoryLocal",30,255,$session{setting}{attachmentDirectoryLocal}));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editFileSettingsSave");
+                $f->text("lib",WebGUI::International::get(129),$session{setting}{lib});
+                $f->integer("maxAttachmentSize",WebGUI::International::get(130),$session{setting}{maxAttachmentSize});
+                $f->integer("thumbnailSize",WebGUI::International::get(406),$session{setting}{thumbnailSize});
+                $f->text("attachmentDirectoryWeb",WebGUI::International::get(131),$session{setting}{attachmentDirectoryWeb});
+                $f->text("attachmentDirectoryLocal",WebGUI::International::get(132),$session{setting}{attachmentDirectoryLocal});
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -133,15 +123,11 @@ sub www_editFileSettings {
 #-------------------------------------------------------------------
 sub www_editFileSettingsSave {
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{lib})." where name='lib'");
-                WebGUI::SQL->write("update settings set value=".
-			quote($session{form}{maxAttachmentSize})." where name='maxAttachmentSize'");
-                WebGUI::SQL->write("update settings set value=".
-                        quote($session{form}{thumbnailSize})." where name='thumbnailSize'");
-                WebGUI::SQL->write("update settings set value=".
-			quote($session{form}{attachmentDirectoryWeb})." where name='attachmentDirectoryWeb'");
-                WebGUI::SQL->write("update settings set value=".
-			quote($session{form}{attachmentDirectoryLocal})." where name='attachmentDirectoryLocal'");
+		_saveSetting("lib");
+		_saveSetting("maxAttachmentSize");
+		_saveSetting("thumbnailSize");
+		_saveSetting("attachementDirectoryWeb");
+		_saveSetting("attachmentDirectoryLocal");
                return www_manageSettings();
        } else {
                return WebGUI::Privilege::adminOnly();
@ -150,18 +136,16 @@ sub www_editFileSettingsSave {

 #-------------------------------------------------------------------
 sub www_editMailSettings {
-        my ($output);
+        my ($output, $f);
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(13);
+                $output .= helpIcon(13);
                $output .= '<h1>'.WebGUI::International::get(133).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editMailSettingsSave");
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(134),WebGUI::Form::textArea("recoverPasswordEmail",$session{setting}{recoverPasswordEmail}));
-                $output .= tableFormRow(WebGUI::International::get(135),WebGUI::Form::text("smtpServer",30,255,$session{setting}{smtpServer}));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editMailSettingsSave");
+                $f->textarea("recoverPasswordEmail",WebGUI::International::get(134),$session{setting}{recoverPasswordEmail});
+                $f->text("smtpServer",WebGUI::International::get(135),$session{setting}{smtpServer});
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -171,8 +155,8 @@ sub www_editMailSettings {
 #-------------------------------------------------------------------
 sub www_editMailSettingsSave {
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{recoverPasswordEmail})." where name='recoverPasswordEmail'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{smtpServer})." where name='smtpServer'");
+		_saveSetting("recoverPasswordEmail");
+		_saveSetting("smtpServer");
                return www_manageSettings();
        } else {
                return WebGUI::Privilege::adminOnly();
@ -181,37 +165,26 @@ sub www_editMailSettingsSave {

 #-------------------------------------------------------------------
 sub www_editMiscSettings {
-        my ($output, @array, %notFoundPage, %yesNo, %criticalError, %htmlFilter);
-	%htmlFilter = ('none'=>WebGUI::International::get(420), 'most'=>WebGUI::International::get(421),
-		'all'=>WebGUI::International::get(419));
+        my ($output, %notFoundPage, %criticalError, %htmlFilter, $f);
+	%htmlFilter = ('none'=>WebGUI::International::get(420), 'most'=>WebGUI::International::get(421), 'all'=>WebGUI::International::get(419));
 	%criticalError = ('debug'=>WebGUI::International::get(414), 'friendly'=>WebGUI::International::get(415));
        %notFoundPage = (1=>WebGUI::International::get(136), 4=>WebGUI::International::get(137));
-	%yesNo = ('1'=>WebGUI::International::get(138), '0'=>WebGUI::International::get(139));
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(24);
+                $output .= helpIcon(24);
                $output .= '<h1>'.WebGUI::International::get(140).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editMiscSettingsSave");
-                $output .= '<table>';
-                $array[0] = $session{setting}{notFoundPage};
-                $output .= tableFormRow(WebGUI::International::get(141),
-			WebGUI::Form::selectList("notFoundPage",\%notFoundPage,\@array));
-                $output .= tableFormRow(WebGUI::International::get(142),
-			WebGUI::Form::text("sessionTimeout",30,11,$session{setting}{sessionTimeout}));
-		$output .= tableFormRow(WebGUI::International::get(398),
-			WebGUI::Form::text("docTypeDec", 70, 255, $session{setting}{docTypeDec}));
-                $array[0] = $session{setting}{preventProxyCache};
-                $output .= tableFormRow(WebGUI::International::get(400),
-			WebGUI::Form::selectList("preventProxyCache",\%yesNo,\@array));
-		$array[0] = $session{setting}{onCriticalError};
-		$output .= tableFormRow(WebGUI::International::get(413),
-			WebGUI::Form::selectList("onCriticalError",\%criticalError,\@array));
-                $array[0] = $session{setting}{filterContributedHTML};
-                $output .= tableFormRow(WebGUI::International::get(418),
-                        WebGUI::Form::selectList("filterContributedHTML",\%htmlFilter,\@array));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editMiscSettingsSave");
+                $f->select("notFoundPage",\%notFoundPage,WebGUI::International::get(141),[$session{setting}{notFoundPage}]);
+                $f->integer("sessionTimeout",WebGUI::International::get(142),$session{setting}{sessionTimeout});
+		$f->text("docTypeDec",WebGUI::International::get(398),$session{setting}{docTypeDec});
+		$f->yesNo("preventProxyCache",WebGUI::International::get(400),$session{setting}{preventProxyCache});
+		$f->select("onCriticalError",\%criticalError,WebGUI::International::get(413),[$session{setting}{onCriticalError}]);
+                $f->select("filterContributedHTML",\%htmlFilter,WebGUI::International::get(418),[$session{setting}{filterContributedHTML}]);
+                $f->integer("textAreaRows",WebGUI::International::get(463),$session{setting}{textAreaRows});
+                $f->integer("textAreaCols",WebGUI::International::get(464),$session{setting}{textAreaCols});
+                $f->integer("textBoxSize",WebGUI::International::get(465),$session{setting}{textBoxSize});
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -221,72 +194,26 @@ sub www_editMiscSettings {
 #-------------------------------------------------------------------
 sub www_editMiscSettingsSave {
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{sessionTimeout}).
-			" where name='sessionTimeout'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{notFoundPage}).
-			" where name='notFoundPage'");
-		WebGUI::SQL->write("update settings set value=".quote($session{form}{docTypeDec}).
-			" where name='docTypeDec'");
-		WebGUI::SQL->write("update settings set value=".quote($session{form}{preventProxyCache}).
-			" where name='preventProxyCache'");
-		WebGUI::SQL->write("update settings set value=".quote($session{form}{onCriticalError}).
-			" where name='onCriticalError'");
-		WebGUI::SQL->write("update settings set value=".quote($session{form}{filterContributedHTML}).
-			" where name='filterContributedHTML'");
+		_saveSetting("sessionTimeout");
+		_saveSetting("notFoundPage");
+		_saveSetting("docTypeDec");
+		_saveSetting("preventProxyCache");
+		_saveSetting("onCriticalError");
+		_saveSetting("filterContributedHTML");
+		_saveSetting("textAreaRows");
+		_saveSetting("textAreaCols");
+		_saveSetting("textBoxSize");
                return www_manageSettings(); 
        } else {
                return WebGUI::Privilege::adminOnly();
 	}
 }

-#-------------------------------------------------------------------
-sub www_editProfileSettings {
-        my ($output, @array, %yesNo);
-        %yesNo = ('1'=>WebGUI::International::get(138), '0'=>WebGUI::International::get(139));
-        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(22);
-                $output .= '<h1>'.WebGUI::International::get(308).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editProfileSettingsSave");
-                $output .= '<table>';
-		$array[0] = $session{setting}{profileName};
-                $output .= tableFormRow(WebGUI::International::get(309),WebGUI::Form::selectList("profileName",\%yesNo,\@array));
-		$array[0] = $session{setting}{profileExtraContact};
-                $output .= tableFormRow(WebGUI::International::get(310),WebGUI::Form::selectList("profileExtraContact",\%yesNo,\@array));
-		$array[0] = $session{setting}{profileHome};
-                $output .= tableFormRow(WebGUI::International::get(311),WebGUI::Form::selectList("profileHome",\%yesNo,\@array));
-		$array[0] = $session{setting}{profileWork};
-                $output .= tableFormRow(WebGUI::International::get(312),WebGUI::Form::selectList("profileWork",\%yesNo,\@array));
-		$array[0] = $session{setting}{profileMisc};
-                $output .= tableFormRow(WebGUI::International::get(313),WebGUI::Form::selectList("profileMisc",\%yesNo,\@array));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
-        } else {
-                $output = WebGUI::Privilege::adminOnly();
-        }
-        return $output;
-}
-
-#-------------------------------------------------------------------
-sub www_editProfileSettingsSave {
-        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{profileName})." where name='profileName'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{profileExtraContact})." where name='profileExtraContact'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{profileHome})." where name='profileHome'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{profileWork})." where name='profileWork'");
-                WebGUI::SQL->write("update settings set value=".quote($session{form}{profileMisc})." where name='profileMisc'");
-                return www_manageSettings();
-        } else {
-                return WebGUI::Privilege::adminOnly();
-        }
-}
-
 #-------------------------------------------------------------------
 sub www_manageSettings {
        my ($output);
        if (WebGUI::Privilege::isInGroup(3)) {
-                $output .= helpLink(12);
+                $output .= helpIcon(12);
                $output .= '<h1>'.WebGUI::International::get(143).'</h1>';
                $output .= '<ul>';
                $output .= '<li><a href="'.WebGUI::URL::page('op=editAuthenticationSettings').
--- a/lib/WebGUI/Operation/Statistics.pm
+++ b/lib/WebGUI/Operation/Statistics.pm
@ -125,10 +125,10 @@ sub www_viewStatistics {
 		($data) = WebGUI::SQL->quickArray("select count(*) from userSession");
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(146).'</td><td class="tableData">'.$data.' (<a href="'.WebGUI::URL::page("op=viewActiveSessions").'">'.WebGUI::International::get(423).'</a> / <a href="'.WebGUI::URL::page("op=viewLoginHistory").'">'.WebGUI::International::get(424).'</a>)</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId>25");
-		$data += 1;
+		$data++;
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(147).'</td><td class="tableData">'.$data.'</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from widget");
-		$data -= 1;
+		$data--;
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(148).'</td><td class="tableData">'.$data.'</td></tr>';
 		($data) = WebGUI::SQL->quickArray("select count(*) from style where styleId>25");
 		$output .= '<tr><td class="tableHeader">'.WebGUI::International::get(427).'</td><td class="tableData">'.$data.'</td></tr>';
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@ -15,7 +15,7 @@ use Exporter;
 use strict;
 use Tie::CPHash;
 use WebGUI::DateTime;
-use WebGUI::Form;
+use WebGUI::HTMLForm;
 use WebGUI::International;
 use WebGUI::Paginator;
 use WebGUI::Privilege;
@ -23,41 +23,48 @@ use WebGUI::Session;
 use WebGUI::Shortcut;
 use WebGUI::SQL;
 use WebGUI::URL;
+use WebGUI::User;
 use WebGUI::Utility;

 our @ISA = qw(Exporter);
-our @EXPORT = qw(&www_editUserGroupSave &www_deleteGrouping &www_editGrouping &www_editGroupingSave &www_becomeUser &www_addUser &www_addUserSave &www_deleteUser &www_deleteUserConfirm &www_editUser &www_editUserSave &www_listUsers);
+our @EXPORT = qw(&www_editUserGroup &www_editUserProfile &www_editUserProfileSave &www_editUserGroupSave &www_deleteGrouping &www_editGrouping &www_editGroupingSave &www_becomeUser &www_addUser &www_addUserSave &www_deleteUser &www_deleteUserConfirm &www_editUser &www_editUserSave &www_listUsers);
+
+#-------------------------------------------------------------------
+sub _subMenu {
+	my ($output);
+	$output = '<table width="100%"><tr><td class="tableData" valign="top">';
+	$output .= $_[0];
+	$output .= '</td><td class="tableMenu" valign="top">';
+	$output .= '<li><a href="'.WebGUI::URL::page("op=addUser").'">'.WebGUI::International::get(169).'</a>';
+	$output .= '<li><a href="'.WebGUI::URL::page("op=editUser&uid=".$session{form}{uid}).'">'.WebGUI::International::get(457).'</a>';
+	$output .= '<li><a href="'.WebGUI::URL::page("op=editUserGroup&uid=".$session{form}{uid}).'">'.WebGUI::International::get(458).'</a>';
+	$output .= '<li><a href="'.WebGUI::URL::page("op=editUserProfile&uid=".$session{form}{uid}).'">'.WebGUI::International::get(459).'</a>';
+	$output .= '<li><a href="'.WebGUI::URL::page("op=listUsers").'">'.WebGUI::International::get(456).'</a>';
+	$output .= '</td></tr></table>';
+	return $output;
+}

 #-------------------------------------------------------------------
 sub www_addUser {
-        my ($output, %hash, @array);
+        my ($output, %hash, $f);
 	tie %hash, 'Tie::IxHash';
        if (WebGUI::Privilege::isInGroup(3)) {
                $output .= helpLink(5);
 		$output .= '<h1>'.WebGUI::International::get(163).'</h1>';
+		$f = WebGUI::HTMLForm->new;
 		if ($session{form}{op} eq "addUserSave") {
 			$output .= '<ul><li>'.WebGUI::International::get(77).' '.$session{form}{username}.'Too or '.$session{form}{username}.'02</ul>';
 		}
-		$output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","addUserSave");
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(50),WebGUI::Form::text("username",20,35,$session{form}{username}));
-               	$output .= tableFormRow(WebGUI::International::get(51),WebGUI::Form::password("identifier",20,35,$session{form}{username}));
+                $f->hidden("op","addUserSave");
+                $f->text("username",WebGUI::International::get(50),$session{form}{username});
+               	$f->password("identifier",WebGUI::International::get(51));
 		%hash = ('WebGUI'=>'WebGUI', 'LDAP'=>'LDAP');
-		$array[0] = $session{setting}{authMethod};
-               	$output .= tableFormRow(WebGUI::International::get(164),WebGUI::Form::selectList("authMethod",\%hash, \@array));
-                $output .= tableFormRow(WebGUI::International::get(165),WebGUI::Form::text("ldapURL",20,2048,$session{setting}{ldapURL}));
-                $output .= tableFormRow(WebGUI::International::get(166),WebGUI::Form::text("connectDN",20,255,$session{form}{connectDN}));
-                $output .= tableFormRow(WebGUI::International::get(56),WebGUI::Form::text("email",20,255,$session{form}{email}));
-                %hash = WebGUI::SQL->buildHash("select groupId,groupName from groups where groupName<>'Reserved' order by groupName");
-		$array[0] = 2;
-                $output .= tableFormRow(WebGUI::International::get(89),WebGUI::Form::selectList("groups",\%hash,\@array,5,1));
-		%hash = WebGUI::SQL->buildHash("select distinct(language) from international");
-		$array[0] = "English";
-                $output .= tableFormRow(WebGUI::International::get(304),WebGUI::Form::selectList("language",\%hash,\@array));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form> ';
+               	$f->select("authMethod",\%hash,WebGUI::International::get(164),[$session{setting}{authMethod}]);
+                $f->url("ldapURL",WebGUI::International::get(165),$session{setting}{ldapURL});
+                $f->text("connectDN",WebGUI::International::get(166),$session{form}{connectDN});
+                $f->group("groups",WebGUI::International::get(89),[2],5,1);
+		$f->submit;
+		$output .= $f->print;
        } else {
                $output = WebGUI::Privilege::adminOnly();
        }
@ -66,20 +73,22 @@ sub www_addUser {

 #-------------------------------------------------------------------
 sub www_addUserSave {
-        my ($output, @groups, $uid, $gid, $encryptedPassword, $expireAfter);
+        my ($output, @groups, $uid, $u, $gid, $encryptedPassword, $expireAfter);
        if (WebGUI::Privilege::isInGroup(3)) {
 		($uid) = WebGUI::SQL->quickArray("select userId from users where username=".
 			quote($session{form}{username}));
 		unless ($uid) {
                	$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
-			$uid = getNextId("userId");
-                	WebGUI::SQL->write("insert into users (userId,username,identifier,email,authMethod,ldapURL,connectDN,language) values ($uid, ".quote($session{form}{username}).", ".quote($encryptedPassword).", ".quote($session{form}{email}).", ".quote($session{form}{authMethod}).", ".quote($session{form}{ldapURL}).", ".quote($session{form}{connectDN}).", ".quote($session{form}{language}).")");
+			$u = WebGUI::User->new("new");
+			$u->username($session{form}{username});
+			$u->identifier($encryptedPassword);
+			$u->connectDN($session{form}{connectDN});
+			$u->ldapURL($session{form}{ldapURL});
+			$u->authMethod($session{form}{authMethod});
                	@groups = $session{cgi}->param('groups');
-                	foreach $gid (@groups) {
-				($expireAfter) = WebGUI::SQL->quickArray("select expireAfter from groups where groupId=$gid");
-                        	WebGUI::SQL->write("insert into groupings values ($gid, $uid, ".(time()+$expireAfter).")");
-                	}
-                	$output = www_listUsers();
+			$u->addToGroups(\@groups);
+			$session{form}{uid}=$u->userId;
+                	$output = www_editUser();
 		} else {
 			$output = www_addUser();
 		}
@ -104,8 +113,10 @@ sub www_becomeUser {

 #-------------------------------------------------------------------
 sub www_deleteGrouping {
+	my ($u);
        if (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("delete from groupings where groupId=$session{form}{gid} and userId=$session{form}{uid}");
+		$u = WebGUI::User->new($session{form}{uid});
+		$u->deleteFromGroups([$session{form}{gid}]);
                return www_editUser();
        } else {
                return WebGUI::Privilege::adminOnly();
@ -134,11 +145,12 @@ sub www_deleteUser {

 #-------------------------------------------------------------------
 sub www_deleteUserConfirm {
+	my ($u);
        if ($session{form}{uid} < 26) {
 		return WebGUI::Privilege::vitalComponent();
        } elsif (WebGUI::Privilege::isInGroup(3)) {
-                WebGUI::SQL->write("delete from users where userId=$session{form}{uid}");
-                WebGUI::SQL->write("delete from groupings where userId=$session{form}{uid}");
+		$u = WebGUI::User->new($session{form}{uid});
+		$u->delete;
                return www_listUsers();
        } else {
                return WebGUI::Privilege::adminOnly();
@ -147,23 +159,22 @@ sub www_deleteUserConfirm {

 #-------------------------------------------------------------------
 sub www_editGrouping {
-        my ($output, $username, $group, $expireDate);
+        my ($output, $username, $group, $expireDate, $f);
        if (WebGUI::Privilege::isInGroup(3)) {
                $output .= '<h1>'.WebGUI::International::get(370).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editGroupingSave");
-                $output .= WebGUI::Form::hidden("uid",$session{form}{uid});
-                $output .= WebGUI::Form::hidden("gid",$session{form}{gid});
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editGroupingSave");
+                $f->hidden("uid",$session{form}{uid});
+                $f->hidden("gid",$session{form}{gid});
 		($username) = WebGUI::SQL->quickArray("select username from users where userId=$session{form}{uid}");
 		($group) = WebGUI::SQL->quickArray("select groupName from groups where groupId=$session{form}{gid}");
 		($expireDate) = WebGUI::SQL->quickArray("select expireDate from groupings where groupId=$session{form}{gid} and userId=$session{form}{uid}");
-		$output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(50),$username);
-                $output .= tableFormRow(WebGUI::International::get(84),$group);
-		$output .= tableFormRow(WebGUI::International::get(369),WebGUI::Form::text("expireDate",20,30,epochToSet($expireDate),1));
-                $output .= formSave();
-		$output .= '</table></form>';
-                return $output;
+                $f->readOnly($username,WebGUI::International::get(50));
+                $f->readOnly($group,WebGUI::International::get(84));
+		$f->date("expireDate",WebGUI::International::get(369),$expireDate);
+		$f->submit;
+		$output .= $f->print;
+                return _subMenu($output);
        } else {
                return WebGUI::Privilege::adminOnly();
        }
@ -173,7 +184,7 @@ sub www_editGrouping {
 sub www_editGroupingSave {
        if (WebGUI::Privilege::isInGroup(3)) {
                WebGUI::SQL->write("update groupings set expireDate=".setToEpoch($session{form}{expireDate})." where groupId=$session{form}{gid} and userId=$session{form}{uid}");
-                return www_editUser();
+                return www_editUserGroup();
        } else {
                return WebGUI::Privilege::adminOnly();
        }
@ -181,89 +192,30 @@ sub www_editGroupingSave {

 #-------------------------------------------------------------------
 sub www_editUser {
-        my ($output, %user, %hash, @array, %gender, $sth, %data);
-	tie %user, 'Tie::CPHash';
-	tie %hash, 'Tie::CPHash';
+        my ($output, $f, $u, %data);
 	tie %data, 'Tie::IxHash';
        if (WebGUI::Privilege::isInGroup(3)) {
-		%gender = ('neuter'=>WebGUI::International::get(403),'male'=>WebGUI::International::get(339),'female'=>WebGUI::International::get(340));
-		%user = WebGUI::SQL->quickHash("select * from users where userId=$session{form}{uid}");
-		$output .= '<table><tr><td valign="top">';
+		$u = WebGUI::User->new($session{form}{uid});
                $output .= helpLink(5);
 		$output .= '<h1>'.WebGUI::International::get(168).'</h1>';
                if ($session{form}{op} eq "editUserSave") {
                        $output .= '<ul><li>'.WebGUI::International::get(77).' '.$session{form}{username}.'Too or '.$session{form}{username}.'02</ul>';
                }
-		$output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editUserSave");
-                $output .= WebGUI::Form::hidden("uid",$session{form}{uid});
-                $output .= '<table>';
-                $output .= tableFormRow(WebGUI::International::get(378),$session{form}{uid});
-                $output .= tableFormRow(WebGUI::International::get(50),WebGUI::Form::text("username",20,35,$user{username}));
-                $output .= tableFormRow(WebGUI::International::get(51),WebGUI::Form::password("identifier",20,35,"password"));
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editUserSave");
+                $f->hidden("uid",$session{form}{uid});
+                $f->readOnly($session{form}{uid},WebGUI::International::get(378));
+                $f->readOnly(epochToHuman($u->dateCreated,"%z"),WebGUI::International::get(453));
+                $f->readOnly(epochToHuman($u->lastUpdated,"%z"),WebGUI::International::get(454));
+                $f->text("username",WebGUI::International::get(50),$u->username);
+                $f->password("identifier",WebGUI::International::get(51),"password");
 		%data = ('WebGUI'=>'WebGUI', 'LDAP'=>'LDAP');
-		$array[0] = $user{authMethod};
-                $output .= tableFormRow(WebGUI::International::get(164),WebGUI::Form::selectList("authMethod",\%data,\@array));
-                $output .= tableFormRow(WebGUI::International::get(165),WebGUI::Form::text("ldapURL",20,2048,$user{ldapURL}));
-                $output .= tableFormRow(WebGUI::International::get(166),WebGUI::Form::text("connectDN",20,255,$user{connectDN}));
-                $output .= tableFormRow(WebGUI::International::get(56),WebGUI::Form::text("email",20,255,$user{email}));
-		%data = WebGUI::SQL->buildHash("select distinct(language) from international");
-		@array = [];
-		$array[0] = $user{language};
-                $output .= tableFormRow(WebGUI::International::get(304),WebGUI::Form::selectList("language",\%data,\@array));
-                $output .= tableFormRow(WebGUI::International::get(314),WebGUI::Form::text("firstName",20,50,$user{firstName}));
-                $output .= tableFormRow(WebGUI::International::get(315),WebGUI::Form::text("middleName",20,50,$user{middleName}));
-                $output .= tableFormRow(WebGUI::International::get(316),WebGUI::Form::text("lastName",20,50,$user{lastName}));
-                $output .= tableFormRow(WebGUI::International::get(317),WebGUI::Form::text("icq",20,30,$user{icq}));
-                $output .= tableFormRow(WebGUI::International::get(318),WebGUI::Form::text("aim",20,30,$user{aim}));
-                $output .= tableFormRow(WebGUI::International::get(319),WebGUI::Form::text("msnIM",20,30,$user{msnIM}));
-                $output .= tableFormRow(WebGUI::International::get(320),WebGUI::Form::text("yahooIM",20,30,$user{yahooIM}));
-                $output .= tableFormRow(WebGUI::International::get(321),WebGUI::Form::text("cellPhone",20,30,$user{cellPhone}));
-                $output .= tableFormRow(WebGUI::International::get(322),WebGUI::Form::text("pager",20,30,$user{pager}));
-                $output .= tableFormRow(WebGUI::International::get(323),WebGUI::Form::text("homeAddress",20,128,$user{homeAddress}));
-                $output .= tableFormRow(WebGUI::International::get(324),WebGUI::Form::text("homeCity",20,30,$user{homeCity}));
-                $output .= tableFormRow(WebGUI::International::get(325),WebGUI::Form::text("homeState",20,30,$user{homeState}));
-                $output .= tableFormRow(WebGUI::International::get(326),WebGUI::Form::text("homeZip",20,15,$user{homeZip}));
-                $output .= tableFormRow(WebGUI::International::get(327),WebGUI::Form::text("homeCountry",20,30,$user{homeCountry}));
-                $output .= tableFormRow(WebGUI::International::get(328),WebGUI::Form::text("homePhone",20,30,$user{homePhone}));
-		$output .= tableFormRow(WebGUI::International::get(329),WebGUI::Form::text("workAddress",20,128,$user{workAddress}));
-                $output .= tableFormRow(WebGUI::International::get(330),WebGUI::Form::text("workCity",20,30,$user{workCity}));
-                $output .= tableFormRow(WebGUI::International::get(331),WebGUI::Form::text("workState",20,30,$user{workState}));
-                $output .= tableFormRow(WebGUI::International::get(332),WebGUI::Form::text("workZip",20,15,$user{workZip}));
-                $output .= tableFormRow(WebGUI::International::get(333),WebGUI::Form::text("workCountry",20,30,$user{workCountry}));
-                $output .= tableFormRow(WebGUI::International::get(334),WebGUI::Form::text("workPhone",20,30,$user{workPhone}));
-		@array = ($user{gender});
-                $output .= tableFormRow(WebGUI::International::get(335),WebGUI::Form::selectList("gender",\%gender,\@array));
-                $output .= tableFormRow(WebGUI::International::get(336),WebGUI::Form::text("birthdate",20,30,$user{birthdate}));
-                $output .= tableFormRow(WebGUI::International::get(337),WebGUI::Form::text("homepage",20,2048,$user{homepage}));
-                $output .= formSave();
-                $output .= '</table>';
-                $output .= '</form>';
-		$output .= '</td><td>&nbsp;</td><td class="formDescription" valign="top">';
-                $output .= '<h1>'.WebGUI::International::get(372).'</h1>';
-                $output .= formHeader();
-                $output .= WebGUI::Form::hidden("op","editUserGroupSave");
-                $output .= WebGUI::Form::hidden("uid",$session{form}{uid});
-                %data = WebGUI::SQL->buildHash("select groupId,groupName from groups where groupName<>'Reserved' order by groupName");
-                @array = WebGUI::SQL->buildArray("select groupId from groupings where userId=$session{form}{uid}");
-                $output .= WebGUI::Form::selectList("groups",\%data,\@array,5,1);
-                $output .= '<br>'.WebGUI::Form::submit(WebGUI::International::get(62));
-                $output .= '<p>'.WebGUI::International::get(373).'<p></form>';
-                $output .= '<table><tr><td class="tableHeader">'.WebGUI::International::get(89).'</td><td class="tableHeader">'.WebGUI::International::get(84).'</td><td class="tableHeader">'.WebGUI::International::get(369).'</td></tr>';
-                $sth = WebGUI::SQL->read("select groups.groupId,groups.groupName,groupings.expireDate from groupings,groups where groupings.groupId=groups.groupId and groupings.userId=$session{form}{uid} order by groups.groupName");
-                while (%hash = $sth->hash) {
-                        $output .= '<tr><td><a href="'.WebGUI::URL::page('op=deleteGrouping&uid='.
-				$session{form}{uid}.'&gid='.$hash{groupId}).'"><img src="'.
-				$session{setting}{lib}.'/delete.gif" border=0></a><a href="'.
-				WebGUI::URL::page('op=editGrouping&uid='.$session{form}{uid}.
-				'&gid='.$hash{groupId}).'"><img src="'.$session{setting}{lib}.
-				'/edit.gif" border=0></a></td>';
-                        $output .= '<td class="tableData">'.$hash{groupName}.'</td>';
-			$output .= '<td class="tableData">'.epochToHuman($hash{expireDate},"%M/%D/%y").'</td></tr>';
-                }
-                $sth->finish;
-                $output .= '</table>';
-		$output .= '</td></tr></table>';
+                $f->select("authMethod",\%data,WebGUI::International::get(164),[$u->authMethod]);
+                $f->url("ldapURL",WebGUI::International::get(165),$u->ldapURL);
+                $f->text("connectDN",WebGUI::International::get(166),$u->connectDN);
+                $f->submit;
+		$output .= $f->print;
+		$output = _subMenu($output);
        } else {
 		$output = WebGUI::Privilege::adminOnly();
        }
@ -272,7 +224,7 @@ sub www_editUser {

 #-------------------------------------------------------------------
 sub www_editUserSave {
-        my ($error, $uid, $encryptedPassword, $passwordStatement);
+        my ($error, $uid, $u, $encryptedPassword, $passwordStatement);
        if (WebGUI::Privilege::isInGroup(3)) {
                ($uid) = WebGUI::SQL->quickArray("select userId from users where username=".
 			quote($session{form}{username}));
@ -282,7 +234,12 @@ sub www_editUserSave {
                        	$passwordStatement = ', identifier='.quote($encryptedPassword);
                	}
                	$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
-                	WebGUI::SQL->write("update users set username=".quote($session{form}{username}).$passwordStatement.", authMethod=".quote($session{form}{authMethod}).", ldapURL=".quote($session{form}{ldapURL}).", connectDN=".quote($session{form}{connectDN}).", email=".quote($session{form}{email}).", language=".quote($session{form}{language}).", firstName=".quote($session{form}{firstName}).", middleName=".quote($session{form}{middleName}).", lastName=".quote($session{form}{lastName}).", icq=".quote($session{form}{icq}).", aim=".quote($session{form}{aim}).", msnIM=".quote($session{form}{msnIM}).", yahooIM=".quote($session{form}{yahooIM}).", homeAddress=".quote($session{form}{homeAddress}).", homeCity=".quote($session{form}{homeCity}).", homeState=".quote($session{form}{homeState}).", homeZip=".quote($session{form}{homeZip}).", homeCountry=".quote($session{form}{homeCountry}).", homePhone=".quote($session{form}{homePhone}).", workAddress=".quote($session{form}{workAddress}).", workCity=".quote($session{form}{workCity}).", workState=".quote($session{form}{workState}).", workZip=".quote($session{form}{workZip}).", workCountry=".quote($session{form}{workCountry}).", workPhone=".quote($session{form}{workPhone}).", cellPhone=".quote($session{form}{cellPhone}).", pager=".quote($session{form}{pager}).", gender=".quote($session{form}{gender}).", birthdate=".quote($session{form}{birthdate}).", homepage=".quote($session{form}{homepage})." where userId=".$session{form}{uid});
+			$u = WebGUI::User->new($session{form}{uid});
+			$u->username($session{form}{username});
+			$u->identifier($encryptedPassword);
+			$u->authMethod($session{form}{authMethod});
+			$u->connectDN($session{form}{connectDN});
+			$u->ldapURL($session{form}{ldapURL});
 			return www_listUsers();
 		} else {
 			return www_editUser();
@ -292,6 +249,45 @@ sub www_editUserSave {
        }
 }

+#-------------------------------------------------------------------
+sub www_editUserGroup {
+	my ($output, $f, @array, $sth, %hash);
+	tie %hash, 'Tie::CPHash';
+        if (WebGUI::Privilege::isInGroup(3)) {
+                $output .= '<h1>'.WebGUI::International::get(372).'</h1>';
+		$f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editUserGroupSave");
+                $f->hidden("uid",$session{form}{uid});
+                @array = WebGUI::SQL->buildArray("select groupId from groupings where userId=$session{form}{uid}");
+                $f->group("groups",WebGUI::International::get(89),\@array,8,1);
+                $f->submit;
+                $f->readOnly(WebGUI::International::get(373));
+		$output .= $f->print;
+                $output .= '<table><tr><td class="tableHeader">'.WebGUI::International::get(89).
+			'</td><td class="tableHeader">'.WebGUI::International::get(84).
+			'</td><td class="tableHeader">'.WebGUI::International::get(369).'</td></tr>';
+                $sth = WebGUI::SQL->read("select groups.groupId,groups.groupName,groupings.expireDate 
+			from groupings,groups where groupings.groupId=groups.groupId and 
+			groupings.userId=$session{form}{uid} order by groups.groupName");
+                while (%hash = $sth->hash) {
+                        $output .= '<tr><td><a href="'.WebGUI::URL::page('op=deleteGrouping&uid='.
+                                $session{form}{uid}.'&gid='.$hash{groupId}).'"><img src="'.
+                                $session{setting}{lib}.'/delete.gif" border=0></a><a href="'.
+                                WebGUI::URL::page('op=editGrouping&uid='.$session{form}{uid}.
+                                '&gid='.$hash{groupId}).'"><img src="'.$session{setting}{lib}.
+                                '/edit.gif" border=0></a></td>';
+                        $output .= '<td class="tableData">'.$hash{groupName}.'</td>';
+                        $output .= '<td class="tableData">'.epochToHuman($hash{expireDate},"%z").'</td></tr>';
+                }
+                $sth->finish;
+                $output .= '</table>';
+		$output = _subMenu($output);
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+	return $output;
+}
+
 #-------------------------------------------------------------------
 sub www_editUserGroupSave {
        my (@groups, $gid, $expireAfter);
@ -302,7 +298,75 @@ sub www_editUserGroupSave {
 			($expireAfter) = WebGUI::SQL->quickArray("select expireAfter from groups where groupId=$gid");
                        WebGUI::SQL->write("insert into groupings values ($gid, $session{form}{uid}, ".(time()+$expireAfter).")");
                }
-                return www_editUser();
+                return www_editUserGroup();
+        } else {
+                return WebGUI::Privilege::adminOnly();
+        }
+}
+
+#-------------------------------------------------------------------
+sub www_editUserProfile {
+        my ($output, $f, $a, %data, $method, $values, $category, $label, $default, $previousCategory);
+        if (WebGUI::Privilege::isInGroup(3)) {
+                $output .= '<h1>'.WebGUI::International::get(455).'</h1>';
+                $f = WebGUI::HTMLForm->new;
+                $f->hidden("op","editUserProfileSave");
+                $f->hidden("uid",$session{form}{uid});
+                $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory
+                        where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
+                        order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
+                while(%data = $a->hash) {
+                	$category = eval $data{categoryName};
+                        if ($category ne $previousCategory) {
+                        	$f->raw('<tr><td colspan="2" class="tableHeader">'.$category.'</td></tr>');
+                        }
+                        $values = eval $data{dataValues};
+                        $method = $data{dataType};
+                        $label = eval $data{fieldLabel};
+                        if ($method eq "select") {
+                                # note: this big if statement doesn't look elegant, but doing regular
+                                # ORs caused problems with the array reference.
+                                if ($session{form}{$data{fieldName}}) {
+                        		$default = [$session{form}{$data{fieldName}}];
+                                } elsif ($session{user}{$data{fieldName}}) {
+                                        $default = [$session{user}{$data{fieldName}}];
+                                } else {
+                                        $default = eval $data{dataDefault};
+                                }
+                                $f->select($data{fieldName},$values,$label,$default);
+                        } else {
+                                $default = $session{form}{$data{fieldName}}
+                                        || $session{user}{$data{fieldName}}
+                                        || eval $data{dataDefault};
+                                $f->$method($data{fieldName},$label,$default);
+                        }
+                        $previousCategory = $category;
+                }
+                $a->finish;
+                $f->submit;
+                $output .= $f->print;
+		$output = _subMenu($output);
+        } else {
+                $output .= WebGUI::Privilege::adminOnly();
+        }
+	return $output;
+}
+
+#-------------------------------------------------------------------
+sub www_editUserProfileSave {
+        my ($a, %field, $u);
+        if (WebGUI::Privilege::isInGroup(3)) {
+        	tie %field, 'Tie::CPHash';
+                $u = WebGUI::User->new($session{form}{uid});
+        	$a = WebGUI::SQL->read("select * from userProfileField");
+        	while (%field = $a->hash) {
+                	if ($field{fieldType} eq "date") {
+                        	$session{form}{$field{fieldName}} = setToEpoch($session{form}{$field{fieldName}});
+                	}
+                	$u->profileField($field{fieldName},$session{form}{$field{fieldName}}) if (exists $session{form}{$field{fieldName}});
+        	}
+        	$a->finish;
+                return www_editUserProfile();
        } else {
                return WebGUI::Privilege::adminOnly();
        }
@ -310,7 +374,8 @@ sub www_editUserGroupSave {

 #-------------------------------------------------------------------
 sub www_listUsers {
-	my ($output, $sth, @data, @row, $p, $i, $search);
+	my ($output, $sth, %data, @row, $p, $i, $search);
+	tie %data, 'Tie::CPHash';
        if (WebGUI::Privilege::isInGroup(3)) {
 		$output = helpLink(8);
 		$output .= '<h1>'.WebGUI::International::get(149).'</h1>';
@ -322,27 +387,32 @@ sub www_listUsers {
 		$output .= WebGUI::Form::submit(WebGUI::International::get(170));
 		$output .= '</td></form></tr></table><p>';
 		if ($session{form}{keyword} ne "") {
-			$search = " and (username like '%".$session{form}{keyword}."%' or email like '%".$session{form}{keyword}."%') ";
+			$search = " where (users.username like '%".$session{form}{keyword}."%') ";
 		}
-		$sth = WebGUI::SQL->read("select userId,username,email from users where username<>'Reserved' $search order by username");
-		while (@data = $sth->array) {
+		$sth = WebGUI::SQL->read("select * from users $search order by users.username");
+		while (%data = $sth->hash) {
 			$row[$i] = '<tr class="tableData"><td>';
-			$row[$i] .= '<a href="'.WebGUI::URL::page('op=deleteUser&uid='.$data[0]).
+			$row[$i] .= '<a href="'.WebGUI::URL::page('op=deleteUser&uid='.$data{userId}).
 				'"><img src="'.$session{setting}{lib}.'/delete.gif" border=0></a>';
-			$row[$i] .= '<a href="'.WebGUI::URL::page('op=editUser&uid='.$data[0]).
+			$row[$i] .= '<a href="'.WebGUI::URL::page('op=editUser&uid='.$data{userId}).
 				'"><img src="'.$session{setting}{lib}.'/edit.gif" border=0></a>';
-			$row[$i] .= '<a href="'.WebGUI::URL::page('op=becomeUser&uid='.$data[0]).
+			$row[$i] .= '<a href="'.WebGUI::URL::page('op=becomeUser&uid='.$data{userId}).
 				'"><img src="'.$session{setting}{lib}.'/become.gif" border=0></a>';
 			$row[$i] .= '</td>';
-			$row[$i] .= '<td><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data[0])
-				.'">'.$data[1].'</a></td>';
-			#$row[$i] .= '<td>'.$data[1].'</td>';
-			$row[$i] .= '<td><a href="mailto:'.$data[2].'">'.$data[2].'</a></td></tr>';
+			$row[$i] .= '<td><a href="'.WebGUI::URL::page('op=viewProfile&uid='.$data{userId})
+				.'">'.$data{username}.'</a></td>';
+			$row[$i] .= '<td class="tableData">'.epochToHuman($data{dateCreated},"%z").'</td>';
+			$row[$i] .= '<td class="tableData">'.epochToHuman($data{lastUpdated},"%z").'</td>';
+			$row[$i] .= '</tr>';
 			$i++;
 		}
 		$sth->finish;
                $p = WebGUI::Paginator->new(WebGUI::URL::page('op=listUsers'),\@row);
                $output .= '<table border=1 cellpadding=5 cellspacing=0 align="center">';
+		$output .= '<tr><td class="tableHeader"></td>
+			<td class="tableHeader">'.WebGUI::International::get(50).'</td>
+			<td class="tableHeader">'.WebGUI::International::get(453).'</td>
+			<td class="tableHeader">'.WebGUI::International::get(454).'</td></tr>';
                $output .= $p->getPage($session{form}{pn});
                $output .= '</table>';
                $output .= $p->getBarTraditional($session{form}{pn});