<?
// Copyright (C) Bloggie Lite Written by : Sean
// http://www.mywebland.com , http://mybloggie.mywebland.com
// You are requested to retain this copyright notice in order to use
// this software.
//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
// This file is an include, not an entry point: refuse to run unless the
// front controller has defined IN_BLOGGIE.
defined('IN_BLOGGIE') or die("You are not allowed to access this page directly !");

// A valid session is required before any of the admin actions below.
authenticate() or error($lang['Error'], "Request terminated due to abnormal operations");
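if ($userlevel==1) {
    // Admin-only user management: add / edit / delete users and list them.
    //
    // NOTE(review): none of the state-changing requests handled here carry a
    // CSRF token, and "deluser" is triggered by a plain GET link. Any page an
    // administrator visits can therefore forge these requests. Fixing that needs
    // a token in the templates as well, which is outside this file.
    //
    // NOTE(review): passwords are stored as unsalted md5() because the
    // verification in this file (and presumably the login code) compares md5()
    // hashes. Migrating to password_hash()/password_verify() has to be done in
    // both places at once.
    $template->assign_vars(array(
        'L_GRAVATAR_FILENAME' => $lang['Gravatar_Filename'],
        'L_GRAVATAR' => $lang['Gravatar'],
        'FORMHEADER' => $lang['Add']."/".$lang['Edit']." ".$lang['User'],
        'L_LEVEL' => $lang['Level'],
        'L_PASSWORD' => $lang['Password'],
        'L_NEW_PASSWORD' => $lang['New_Password'],
        'L_REENTER_PASS' => $lang['Reenter_password'],
        'L_ADMIN' => $lang['Administrator'],
        'L_NORMAL_USER' => $lang['Normal_User'],
        'L_GUEST' => $lang['Guest'],
        'L_FOR_CHANGE_ONLY' => $lang['Change_Only'],
        'L_CURRENT_PASSWORD' => $lang['Current_Password'],
        'L_CHANGE_PASS' => $lang['Change_Password'],
    ));

    // $_SERVER['PHP_SELF'] can carry attacker-controlled PATH_INFO; escape it
    // once for every place it is echoed into HTML (edit links, confirm form).
    $self_url = htmlspecialchars($_SERVER['PHP_SELF']);

    $action = isset($_GET['action']) ? $_GET['action'] : null;

    // Target user id: the edit link passes it in the query string, the forms
    // post it back as a hidden field. Always an int, so it is safe in SQL.
    $uid = 0;
    if (isset($_GET['uid'])) {
        $uid = intval($_GET['uid']);
    } elseif (isset($_POST['uid'])) {
        $uid = intval($_POST['uid']);
    }

    // Build the list of selectable gravatar files up front so the posted
    // "gravatar" value can be validated against it (whitelist) instead of
    // storing an arbitrary string that later ends up in an <img> path.
    $allowed_filetypes = array('gif', 'jpeg', 'png', 'jpg');
    $preg_filetypes = join('|', $allowed_filetypes);
    $dir = "images/gravatar/";
    $gravatar_files = array();
    $handle = opendir("../".$dir);
    if ($handle) {
        // "!== false" so a file literally named "0" does not stop the loop.
        while (($file = readdir($handle)) !== false) {
            // The original tested is_dir($file) relative to the CWD, which never
            // looked at the actual entry; test the real path instead.
            $path = "../".$dir.$file;
            if (is_dir($path) || is_link($path)) {
                continue;
            }
            // Extension anchored at the end so "x.gif.php" is not offered.
            if (preg_match('#\.(' . $preg_filetypes . ')$#i', $file)) {
                $gravatar_files[] = $file;
            }
        }
        closedir($handle);
    }

    // ---- add user -------------------------------------------------------
    if (isset($_POST['add'])) {
        $user       = isset($_POST['user']) ? trim(sanitize_username($_POST['user'])) : '';
        $password   = isset($_POST['password']) ? $_POST['password'] : '';
        $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';
        $level      = isset($_POST['level']) ? intval($_POST['level']) : 0;
        $gravatar   = isset($_POST['gravatar']) ? $_POST['gravatar'] : '';

        // In the original these checks sat inside the "user already exists"
        // branch, so a brand-new user was never validated at all.
        $errormsg = '';
        if ($repassword !== $password) {
            $errormsg .= $lang['Password_Not_Match']."<br />";
        }
        if ($user === '') {
            $errormsg .= " ".$lang['No_User']."<br />";
        }
        if ($password === '' || $repassword === '') {
            $errormsg .= " ".$lang['2x_pwd']."<br />";
        }
        if ($gravatar !== '' && !in_array($gravatar, $gravatar_files, true)) {
            $errormsg .= " Invalid gravatar selection<br />";
        }

        if ($errormsg !== '') {
            error($lang['Error'], $errormsg);
        } else {
            // TODO(review): the $db wrapper exposes no escaping/binding API in
            // this file, so addslashes() is used for every string literal;
            // switch to the driver's escape function if the DB layer has one.
            $sql = "SELECT user FROM ".USER_TBL." WHERE user='".addslashes($user)."'";
            $result = $db->sql_query($sql);
            if ($db->sql_numrows($result) > 0) {
                error($lang['Error'], $lang['User_Exist']);
            } else {
                // Hash is taken over the trimmed password (kept from the
                // original); the current-password check below hashes the raw
                // value, so passwords with leading/trailing blanks differ.
                $password_hash = md5(trim($password));
                $sql = "INSERT INTO ".USER_TBL." SET user='".addslashes($user)."', password='".$password_hash."', level='".$level."', gravatar='".addslashes($gravatar)."'";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
                } else {
                    $template->assign_block_vars('status', array(
                        'STATUS' => $lang['User_Added']." -> Username : ".$user,
                    ));
                }
            }
        }
    }

    // ---- load the user being edited (edit link carries uid in GET) --------
    $row = null;
    if (isset($_GET['uid'])) {
        $sql = "SELECT * FROM ".USER_TBL." WHERE id='".$uid."'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        if ($db->sql_numrows($result) != 1) {
            error($lang['Error'], $lang['No_User']);
        } else {
            if (!isset($_POST["edit"])) {
                $gravatar = $row['gravatar'];
            }
            // Pre-select the user's level in the edit form; unknown levels
            // fall back to "guest" like the original switch default.
            $level_select = array('1' => 'ADMINSELECTED', '2' => 'NORMALSELECTED', '0' => 'GUESTSELECTED');
            $level_key = (string) $row['level'];
            $selected_var = isset($level_select[$level_key]) ? $level_select[$level_key] : 'GUESTSELECTED';
            $template->assign_vars(array($selected_var => " selected"));
        }
    }

    // Gravatar <select> options, current choice pre-selected.
    foreach ($gravatar_files as $file) {
        $template->assign_block_vars('gravataroption', array(
            'GRAVATAR_FILENAME' => $file,
            'SELECTED' => (isset($gravatar) && $file == $gravatar) ? " selected" : "",
        ));
    }

    // ---- actions ----------------------------------------------------------
    if (isset($action) && !isset($_POST["add"])) {
        switch ($action) {
            case "deluser":
                $sql = "SELECT user FROM ".USER_TBL." WHERE id='".$uid."'";
                $result = $db->sql_query($sql);
                if ($db->sql_numrows($result) > 0) {
                    $del_row = $db->sql_fetchrow($result);
                    if ($del_row['user'] === $userdata['username']) {
                        // Refuse to delete the account that is currently logged
                        // in; otherwise a blog can be left with no administrator.
                        $template->assign_block_vars('status', array(
                            'STATUS' => $lang['Error_1']." -> User ID : ".$uid." (cannot delete the current account)",
                        ));
                    } else {
                        $sql = "DELETE FROM ".USER_TBL." WHERE id='".$uid."'";
                        if (!($result = $db->sql_query($sql))) {
                            $sql_error = $db->sql_error();
                            echo $sql_error['message'];
                        } else {
                            // (the original re-ran the DELETE here; once is enough)
                            $template->assign_block_vars('adduser', array());
                            $template->assign_block_vars('status', array(
                                'STATUS' => $lang['User_Del_Info'].$uid,
                            ));
                        }
                    }
                } else {
                    $template->assign_block_vars('status', array(
                        'STATUS' => $lang['Error_1']." -> User ID : ".$uid,
                    ));
                }
                break;

            case "edituser":
                if (!isset($_POST["edit"])) {
                    // Show the edit form for the user loaded above.
                    $template->assign_block_vars('edituser', array());
                    $template->assign_vars(array(
                        'UID' => $uid,
                        'NAME' => ($row !== null) ? $row['user'] : '',
                    ));
                } else {
                    $user       = isset($_POST["user"]) ? trim(sanitize_username($_POST["user"])) : '';
                    $level      = isset($_POST["level"]) ? intval($_POST["level"]) : 0;
                    $gravatar   = isset($_POST["gravatar"]) ? $_POST["gravatar"] : '';
                    $changepass = isset($_POST["changepass"]) ? intval($_POST["changepass"]) : 0;
                    // Whether the UPDATE below also writes a new password hash.
                    $set_password = false;
                    $password = '';

                    if ($user === '') {
                        error($lang['Error'], $lang['No_User']);
                    }
                    if ($gravatar !== '' && !in_array($gravatar, $gravatar_files, true)) {
                        error($lang['Error'], "Invalid gravatar selection");
                    }

                    if ($changepass) {
                        $current_password = isset($_POST['current_password']) ? $_POST['current_password'] : '';
                        $password         = isset($_POST['password']) ? $_POST['password'] : '';
                        $repassword       = isset($_POST['repassword']) ? $_POST['repassword'] : '';

                        // Verify the current password of the account being edited
                        // (by id, not by the posted username, which may be a rename).
                        $sql = "SELECT user FROM ".USER_TBL." WHERE id='".$uid."' AND password='".md5($current_password)."'";
                        $result = $db->sql_query($sql);
                        if ($db->sql_numrows($result) != 1) {
                            error($lang['Error'], $lang['Wrong_Password']);
                        } elseif ($password === '' || $repassword === '') {
                            error($lang['Error'], $lang['2x_pwd']);
                        } elseif ($password !== $repassword) {
                            error($lang['Error'], $lang['Password_Not_Match']);
                        } elseif ($user === $userdata['username']) {
                            // Changing our own password: ask for confirmation first.
                            // The new password is round-tripped through a hidden
                            // field (kept from the original); every value is
                            // HTML-escaped so it cannot break out of the form.
                            error($lang['Confirm'], " <form action=\"".$self_url."?mode=useradmin&action=edituser\" method=\"post\"><br />". $lang['Change_Own_Password']."<br />
<input type=\"hidden\" name=\"uid\" value=\"".$uid."\" />
<input type=\"hidden\" name=\"user\" value=\"".htmlspecialchars($user)."\" />
<input type=\"hidden\" name=\"level\" value=\"".$level."\" />
<input type=\"hidden\" name=\"gravatar\" value=\"".htmlspecialchars($gravatar)."\" />
<input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password)."\" />
<input type=\"hidden\" name=\"edit\" value=\"edit\" />
<input type=\"submit\" name=\"confirm\" value=\"Yes\" /> <input type=\"submit\" name=\"confirm\" value=\"No\" /></form>");
                        } else {
                            // Another user's password: the original never
                            // applied it (the line enabling it was commented
                            // out), so the change silently did nothing.
                            $set_password = true;
                        }
                    }

                    // Second round trip of the own-password confirm form.
                    if (isset($_POST["confirm"]) && $_POST["confirm"] == "Yes") {
                        $password = isset($_POST['password']) ? $_POST['password'] : '';
                        $set_password = ($password !== '');
                    }
                    // "No" (or no confirm field) just updates the other fields;
                    // the original left $sql undefined in that case.

                    $sql = "UPDATE ".USER_TBL." SET user='".addslashes($user)."', gravatar='".addslashes($gravatar)."', level='".$level."'";
                    if ($set_password) {
                        // The original hashed the gravatar filename here instead
                        // of the new password.
                        $sql .= ", password='".md5(trim($password))."'";
                    }
                    $sql .= " where id='".$uid."'";

                    if (!($result = $db->sql_query($sql))) {
                        $sql_error = $db->sql_error();
                        error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
                    }
                    $template->assign_block_vars('status', array(
                        'STATUS' => $lang['User_Edited']." ID #".$uid,
                    ));
                    $template->assign_block_vars('adduser', array());
                }
                break;
        }
    } elseif (!isset($action)) {
        $template->assign_block_vars('adduser', array());
    }

    // ---- user listing -----------------------------------------------------
    $sql = "SELECT ".USER_TBL.".user, ".USER_TBL.".level, ".USER_TBL.".id, ".USER_TBL.".gravatar
FROM ".USER_TBL."
Order by ".USER_TBL.".id ASC ";
    if (!($result = $db->sql_query($sql))) {
        $sql_error = $db->sql_error();
        echo $sql_error['message'];
    } else {
        $level_names = array(1 => "Administrator", 2 => "Normal User", 0 => "Guest");
        $n = 0;
        while ($row = $db->sql_fetchrow($result)) {
            $alt_clr = ($n % 2) ? " class=\"whitebg\"" : " class=\"greybg\"";
            $id = $row['id'];
            // Unknown level values show as "Guest" (the original left $level
            // holding whatever the previous row had set).
            $lvl = (int) $row['level'];
            $level = isset($level_names[$lvl]) ? $level_names[$lvl] : "Guest";
            $template->assign_block_vars('listing', array(
                'ALT_CLR' => $alt_clr,
                'UID' => $row['id'],
                'NAME' => $row['user'],
                'GRAVATAR' => $pref_data['bloggie_path']."/images/gravatar/".$row['gravatar'],
                'GRAVATAR_FILENAME' => $row['gravatar'],
                'LEVEL' => $level,
                'U_EDIT' => "<a class=\"std\" href=\"".$self_url."?mode=useradmin&action=edituser&uid=".$id."\">".$lang['Edit']."</a>",
                'L_DEL' => $lang['Del'],
                'DEL_CONF' => $lang['Delete_Confirmation'],
                'APP_CONF' => $lang['Approve_Confirmation'],
            ));
            $n++;
        }
    }
    $template->pparse('userlist');
}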
?>