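<?php

// Copyright (C) Bloggie Lite Written by : Sean
// http://www.mywebland.com , http://mybloggie.mywebland.com

// You are requested to retain this copyright notice in order to use
// this software.

//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.

//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//GNU General Public License for more details.

//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

// admin/useradmin.php - user administration page: add, edit, delete and
// list users.  Reached through admin.php?mode=useradmin (see the links
// built below), which is expected to define IN_BLOGGIE and provide $db,
// $template, $lang, $userlevel, $userdata and $pref_data.
//
// error() is used throughout as "report and stop": the authenticate()
// guard at the top relies on it not returning, and so does every
// validation failure below.
//
// Flow:
//   1. POST add                    -> validate and INSERT a new user
//   2. build the gravatar image list from ../images/gravatar/ (also the
//      allow-list for the gravatar value submitted by the forms)
//   3. GET uid                     -> load the row being edited
//   4. GET action=deluser|edituser -> delete, show the edit form, or apply it
//   5. list all users

if ( !defined('IN_BLOGGIE') )
{
    die("You are not allowed to access this page directly !");
}

if (!authenticate()) {
    error($lang['Error'], "Request terminated due to abnormal operations");
}

// Only administrators (level 1) may manage accounts; other levels get no output.
if ($userlevel == 1) {

    $template->assign_vars(array(
        'L_GRAVATAR_FILENAME' => $lang['Gravatar_Filename'],
        'L_GRAVATAR'          => $lang['Gravatar'],
        'FORMHEADER'          => $lang['Add']."/".$lang['Edit']." ".$lang['User'],
        'L_LEVEL'             => $lang['Level'],
        'L_PASSWORD'          => $lang['Password'],
        'L_NEW_PASSWORD'      => $lang['New_Password'],
        'L_REENTER_PASS'      => $lang['Reenter_password'],
        'L_ADMIN'             => $lang['Administrator'],
        'L_NORMAL_USER'       => $lang['Normal_User'],
        'L_GUEST'             => $lang['Guest'],
        'L_FOR_CHANGE_ONLY'   => $lang['Change_Only'],
        'L_CURRENT_PASSWORD'  => $lang['Current_Password'],
        'L_CHANGE_PASS'       => $lang['Change_Password'],
    ));

    // ---- request parameters ----------------------------------------------
    $action = isset($_GET['action']) ? $_GET['action'] : null;
    // uid arrives via GET for links and via POST (hidden field) for form
    // submits; intval() is what makes it safe to interpolate into SQL below.
    $uid = 0;
    if (isset($_GET['uid'])) {
        $uid = intval($_GET['uid']);
    } elseif (isset($_POST['uid'])) {
        $uid = intval($_POST['uid']);
    }

    // $gravatar is the file name to pre-select in the gravatar <select>;
    // $row is the user record being edited (false until loaded).
    $gravatar = '';
    $row = false;

    // ---- gravatar image list ---------------------------------------------
    // Images live in images/gravatar/ under the blog root; this script runs
    // from admin/, hence the "../" prefix.
    $allowed_filetypes = array('gif', 'jpeg', 'png', 'jpg');
    $preg_filetypes = join('|', $allowed_filetypes);
    $dir = "images/gravatar/";
    $gravatar_files = array();
    $handle = opendir("../".$dir);
    if ($handle !== false) {
        // readdir() returns false at the end of the listing; compare strictly
        // so an entry literally named "0" does not end the loop early.
        while (($file = readdir($handle)) !== false) {
            // is_dir()/is_link() need the real path, not a name relative to admin/.
            $path = "../".$dir.$file;
            // Only plain files whose name *ends* with an allowed extension.
            if (!is_dir($path) && !is_link($path)
                && preg_match('#\.(' . $preg_filetypes . ')$#i', $file)) {
                $gravatar_files[] = $file;
            }
        }
        closedir($handle);
    }

    // ---- add a new user --------------------------------------------------
    if (isset($_POST['add'])) {
        $user       = isset($_POST['user']) ? trim(sanitize_username($_POST['user'])) : '';
        $password   = isset($_POST['password']) ? $_POST['password'] : '';
        $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';
        $level      = isset($_POST['level']) ? intval($_POST['level']) : 0;
        $gravatar   = isset($_POST['gravatar']) ? $_POST['gravatar'] : '';

        // Collect every validation failure, then report them all at once.
        $errormsg = '';
        if ($user === '') {
            $errormsg .= ' '.$lang['No_User'].'<br />';
        } elseif (preg_match('/[\'"\\\\]/', $user)) {
            // The username is interpolated into SQL; quotes and backslashes are
            // rejected outright rather than trusting sanitize_username() to
            // strip them (its behaviour is not visible from here).
            $errormsg .= ' Username must not contain quotes or backslashes<br />';
        }
        if ($password === '' || $repassword === '') {
            $errormsg .= ' '.$lang['2x_pwd'].'<br />';
        } elseif ($repassword !== $password) {
            $errormsg .= ' '.$lang['Password_Not_Match'].'<br />';
        }
        // The gravatar value must be one of the files actually present.
        if ($gravatar !== '' && !in_array($gravatar, $gravatar_files, true)) {
            $errormsg .= ' Unknown gravatar image<br />';
        }
        if ($errormsg !== '') {
            error($lang['Error'], $errormsg);
        }

        $sql = "SELECT user FROM ".USER_TBL." WHERE user='$user'";
        $result = $db->sql_query($sql);
        if ($db->sql_numrows($result) > 0) {
            error($lang['Error'], $lang['User_Exist']);
        }

        // md5 is what the rest of the application compares passwords against,
        // so it is kept for compatibility; the password is trimmed before
        // hashing exactly as before.
        $password_hash = md5(trim($password));
        $sql = "INSERT INTO ".USER_TBL." SET user='$user', password='$password_hash', level='$level', gravatar='$gravatar'";
        if (!$db->sql_query($sql)) {
            $sql_error = $db->sql_error();
            error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
        }

        $template->assign_block_vars('status', array(
            'STATUS' => $lang['User_Added']." -> Username : ".$user,
        ));
    }

    // ---- load the user being edited --------------------------------------
    if (isset($_GET['uid'])) {
        $sql = "SELECT * FROM ".USER_TBL." WHERE id='$uid'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        if ($db->sql_numrows($result) != 1 || !$row) {
            error($lang['Error'], $lang['No_User']);
        } else {
            // A re-submitted edit form carries its own gravatar choice; only
            // fall back to the stored one when first displaying the form.
            if (!isset($_POST['edit'])) {
                $gravatar = $row['gravatar'];
            }
            // Pre-select the stored level in the level <select>.
            switch (intval($row['level'])) {
                case 1:
                    $template->assign_vars(array('ADMINSELECTED' => " selected"));
                    break;
                case 2:
                    $template->assign_vars(array('NORMALSELECTED' => " selected"));
                    break;
                default:
                    // 0 (guest) and any unexpected value both show as guest.
                    $template->assign_vars(array('GUESTSELECTED' => " selected"));
                    break;
            }
        }
    }

    // ---- gravatar <select> options ---------------------------------------
    foreach ($gravatar_files as $file) {
        $template->assign_block_vars('gravataroption', array(
            'GRAVATAR_FILENAME' => $file,
            'SELECTED'          => ($gravatar !== '' && $file == $gravatar) ? " selected" : "",
        ));
    }

    // ---- actions ---------------------------------------------------------
    if ($action !== null && !isset($_POST['add'])) {

        switch ($action) {
        case "deluser":
            // NOTE(review): deletion is driven by a GET link carrying only the
            // uid; nothing in this file binds the request to the admin's
            // session (the template's DEL_CONF prompt is a UI nicety, not a
            // check).  A session-bound token is the usual fix once the
            // surrounding framework offers one.
            $sql = "SELECT id FROM ".USER_TBL." WHERE id='$uid'";
            $result = $db->sql_query($sql);
            if ($db->sql_numrows($result) > 0) {
                $sql = "DELETE FROM ".USER_TBL." WHERE id='$uid'";
                if (!$db->sql_query($sql)) {
                    $sql_error = $db->sql_error();
                    error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
                } else {
                    $template->assign_block_vars('adduser', array());
                    $template->assign_block_vars('status', array(
                        'STATUS' => $lang['User_Del_Info'].$uid,
                    ));
                }
            } else {
                $template->assign_block_vars('status', array(
                    'STATUS' => $lang['Error_1']." -> User ID : ".$uid,
                ));
            }
            break;

        case "edituser":
            if (!isset($_POST['edit'])) {
                // Step 1: show the edit form pre-filled from the row loaded
                // above (only available when uid came in via GET).
                $template->assign_block_vars('edituser', array());
                $template->assign_vars(array(
                    'UID'  => $uid,
                    'NAME' => $row ? $row['user'] : '',
                ));
                break;
            }

            // Step 2: apply the submitted form.
            $user       = isset($_POST['user']) ? trim(sanitize_username($_POST['user'])) : '';
            $level      = isset($_POST['level']) ? intval($_POST['level']) : 0;
            $gravatar   = isset($_POST['gravatar']) ? $_POST['gravatar'] : '';
            $changepass = isset($_POST['changepass']) ? intval($_POST['changepass']) : 0;
            $password   = isset($_POST['password']) ? $_POST['password'] : '';
            $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';
            $confirm    = isset($_POST['confirm']) ? $_POST['confirm'] : '';

            // Same username and gravatar rules as for a new user.
            if ($user === '' || preg_match('/[\'"\\\\]/', $user)) {
                error($lang['Error'], $lang['No_User']);
            }
            if ($gravatar !== '' && !in_array($gravatar, $gravatar_files, true)) {
                error($lang['Error'], 'Unknown gravatar image');
            }
            $sql = "SELECT id FROM ".USER_TBL." WHERE id='$uid'";
            $result = $db->sql_query($sql);
            if ($db->sql_numrows($result) != 1) {
                error($lang['Error'], $lang['No_User']);
            }

            // $new_hash stays null unless a password change has been validated;
            // the UPDATE then leaves the password column untouched.
            $new_hash = null;
            if ($changepass) {
                // The account's current password must be supplied.  It is
                // matched by id rather than by the (possibly just renamed)
                // username from the form.
                $current_password = isset($_POST['current_password']) ? $_POST['current_password'] : '';
                $sql = "SELECT id FROM ".USER_TBL." WHERE id='$uid' AND password='".md5($current_password)."'";
                $result = $db->sql_query($sql);
                if ($db->sql_numrows($result) != 1) {
                    error($lang['Error'], $lang['Wrong_Password']);
                }
                if ($password === '' || $password !== $repassword) {
                    error($lang['Error'], $lang['Password_Not_Match']);
                }
                if ($user == $userdata['username']) {
                    // Changing the password of the account that is logged in:
                    // ask for confirmation first.  The confirmation form
                    // re-posts every field, including the new password, as
                    // hidden inputs, so each value is HTML-escaped here.
                    // NOTE(review): nothing ties the confirmation request back
                    // to this current-password check, so the check is only
                    // advisory; keeping the pending change in the session
                    // instead of in hidden fields would make it binding.
                    $self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
                    error($lang['Confirm'], " <form action=\"".$self_url."?mode=useradmin&amp;action=edituser\" method=\"post\"><br />". $lang['Change_Own_Password']."<br />
                    <input type=\"hidden\" name=\"uid\" value=\"".$uid."\" />
                    <input type=\"hidden\" name=\"user\" value=\"".htmlspecialchars($user, ENT_QUOTES)."\" />
                    <input type=\"hidden\" name=\"level\" value=\"".$level."\" />
                    <input type=\"hidden\" name=\"gravatar\" value=\"".htmlspecialchars($gravatar, ENT_QUOTES)."\" />
                    <input type=\"hidden\" name=\"password\" value=\"".htmlspecialchars($password, ENT_QUOTES)."\" />
                    <input type=\"hidden\" name=\"edit\" value=\"edit\" />
                    <input type=\"submit\" name=\"confirm\" value=\"Yes\" />&nbsp;&nbsp;<input type=\"submit\" name=\"confirm\" value=\"No\" /></form>");
                    break;
                }
                // Another user's account: no confirmation round trip needed.
                $new_hash = md5($password);
            } elseif ($confirm === 'Yes') {
                // Second half of the own-password confirmation: the new
                // password comes back in the hidden field.  (The original
                // hashed $gravatar here, which silently set an unusable
                // password.)
                $new_hash = md5($password);
            }

            if ($new_hash !== null) {
                $sql = "UPDATE ".USER_TBL." SET user='$user', gravatar='$gravatar', password='$new_hash', level='$level' WHERE id='$uid'";
            } else {
                $sql = "UPDATE ".USER_TBL." SET user='$user', gravatar='$gravatar', level='$level' WHERE id='$uid'";
            }
            if (!$db->sql_query($sql)) {
                $sql_error = $db->sql_error();
                error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
            }

            $template->assign_block_vars('status', array(
                'STATUS' => $lang['User_Edited']." ID #".$uid,
            ));
            $template->assign_block_vars('adduser', array());
            break;
        }
    } elseif ($action === null) {
        $template->assign_block_vars('adduser', array());
    }

    // ---- user list -------------------------------------------------------
    $sql = "SELECT ".USER_TBL.".user, ".USER_TBL.".level, ".USER_TBL.".id, ".USER_TBL.".gravatar
        FROM ".USER_TBL."
        ORDER BY ".USER_TBL.".id ASC";
    if (!($result = $db->sql_query($sql))) {
        $sql_error = $db->sql_error();
        error($lang['Error'], 'SQL Query Error : '.$sql_error['message'].' !');
    }

    // Display labels per level; anything else is shown as Unknown instead of
    // repeating the previous row's label.
    $level_labels = array(1 => "Administrator", 2 => "Normal User", 0 => "Guest");
    // PHP_SELF is request-controlled, so it is escaped before use in markup.
    $self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $n = 0;
    while ($row = $db->sql_fetchrow($result)) {
        $alt_clr = ($n % 2) ? " class=\"whitebg\"" : " class=\"greybg\"";
        $id = $row['id'];
        $level_no = intval($row['level']);
        $level = isset($level_labels[$level_no]) ? $level_labels[$level_no] : "Unknown";
        // NOTE(review): NAME is passed through unescaped, as before; this
        // relies on sanitize_username() producing HTML-safe names - confirm.
        $template->assign_block_vars('listing', array(
            'ALT_CLR'           => $alt_clr,
            'UID'               => $row['id'],
            'NAME'              => $row['user'],
            'GRAVATAR'          => $pref_data['bloggie_path']."/images/gravatar/".$row['gravatar'],
            'GRAVATAR_FILENAME' => $row['gravatar'],
            'LEVEL'             => $level,
            'U_EDIT'            => "<a class=\"std\" href=\"".$self_url."?mode=useradmin&amp;action=edituser&amp;uid=".$id."\">".$lang['Edit']."</a>",
            'L_DEL'             => $lang['Del'],
            'DEL_CONF'          => $lang['Delete_Confirmation'],
            'APP_CONF'          => $lang['Approve_Confirmation'],
        ));
        $n++;
    }

    $template->pparse('userlist');

}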