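<?php
/**
 * MembersGear admin page: create, update, delete and edit-form for admin accounts.
 *
 * Dispatches on $_action (set by the included config, not defined here):
 *   insert  - POST: add a users row, its users_permissions rows and the 'admin' role link
 *   update  - POST: change e-mail/flags (and password, unless a non-'administrator'
 *             edits the 'administrator' account) and replace the permission rows
 *   delete  - GET:  remove the users row, its role link and its permission rows
 *   edit    - GET:  render the form pre-filled for one admin
 *   default - render the empty "add admin" form
 *
 * $smarty, $message, Redirect(), createToken(), encrypt()/decrypt(), SESSION_PREFIX,
 * TABLE_PREFIX and INCLUDE_DIR all come from the required files.
 *
 * NOTE(review): none of the state-changing actions is protected by a CSRF token and
 * 'delete' is driven by a GET parameter; that is best fixed once in the shared
 * request helpers rather than per page.
 * NOTE(review): passwords are stored with a reversible encrypt()/decrypt() pair
 * (the 'edit' case decrypts one back into the form) rather than a one-way hash;
 * changing that also touches the login path outside this file.
 */
require_once "../config/config.php";
require_once INCLUDE_DIR."/users_class.php";
require_once INCLUDE_DIR."/roles_class.php";
require_once INCLUDE_DIR."/usersinroles_class.php";

$users = new users_class();
$userrole = new roles_class();
$userinrole = new usersinroles_class();

// Remember where the admin came from so the POST handlers can send them back.
// Only a same-host referrer is kept: the value is replayed into Redirect() below,
// so an off-site Referer header would otherwise turn that into an open redirect.
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    $lsReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $lsReferrerHost = ($lsReferrer !== '') ? parse_url($lsReferrer, PHP_URL_HOST) : null;
    $lsOwnHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
    if (is_string($lsReferrerHost) && $lsOwnHost !== '' && strcasecmp($lsReferrerHost, $lsOwnHost) == 0) {
        $_SESSION[SESSION_PREFIX.'page_referrer'] = $lsReferrer;
    } else {
        unset($_SESSION[SESSION_PREFIX.'page_referrer']);
    }
}

// Every action on this page needs the browse permission; add/edit/delete are
// checked again per action below.
if ($users->IsAdminhavePermission($_SESSION[SESSION_PREFIX.'Admin_UserID'], 'Can Browse Admins') == false) {
    Redirect('admin_nopermission.php', true);
    exit; // Redirect() is defined outside this file; stop here in case it returns.
}

// Values shared by the write actions.
$lsAdminId = $_SESSION[SESSION_PREFIX.'Admin_UserID'];
$lsRemoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$laLockedout = array(0 => 'No', 1 => 'Yes', 2 => 'Disable auto-lock for this user');
$lsPermissionInsertSql = "INSERT INTO ".TABLE_PREFIX."users_permissions (userid, permission, createdon, createdby, createdipaddress)VALUES(?,?,?,?,?)";

// Form fields this page reads, defaulted so a missing field is a blank rather than
// an undefined-index notice. Posted values win in the array union.
$laPost = $_POST + array(
    'uid' => '',
    'username' => '',
    'password' => '',
    'email' => '',
    'isapproved' => '',
    'islockedout' => 0,
    'isUnsubscribe' => '',
    'supuserper' => '',
    'adminper' => array(),
);
if (!is_array($laPost['adminper'])) {
    $laPost['adminper'] = array();
}

switch ($_action) {
    case 'insert':
        $lstokenKey = createToken();
        // The same normalised name is used for the availability check and the insert;
        // the original checked the untrimmed value and inserted the trimmed one.
        $lsUsername = trim(strtolower($laPost['username']));

        $liUseravialble = $users->IsUserAvailable("SELECT * FROM ".TABLE_PREFIX."users where username=?", array($lsUsername), null);
        if ($liUseravialble == false) {
            $query = "INSERT INTO ".TABLE_PREFIX."users (username,`password`,secretsalt,firstname,lastname, Email,country,state, city, address1,address2, zipcode,phone_main,createdon, createdby,createdipaddress,isapproved,islockedout,isunsubscribedfromemails) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
            $lsValues = array(
                $lsUsername,
                encrypt($laPost['password'], $lstokenKey),
                $lstokenKey,
                ' ', ' ',                           // firstname, lastname: not collected on this form
                $laPost['email'],
                ' ', ' ', ' ', ' ', ' ', ' ', ' ',  // country .. phone_main: not collected on this form
                time(),                             // mktime() without arguments is an error on PHP 8
                $lsAdminId,
                $lsRemoteIp,
                ($laPost['isapproved'] == "1") ? $laPost['isapproved'] : 0,
                $laPost['islockedout'],
                ($laPost['isUnsubscribe'] == "1") ? $laPost['isUnsubscribe'] : 0,
            );
            $lsInsertedrows = $users->Insert($query, $lsValues, null);
            if ($lsInsertedrows > 0) {
                $lauserinfo = $users->view("SELECT id FROM ".TABLE_PREFIX."users where username=?", array($lsUsername), null);
                $liNewUserId = $lauserinfo[0]['id'];

                // One users_permissions row per granted permission: the single super-admin
                // permission when supuserper is set, otherwise each checked admin permission.
                $laGranted = ($laPost['supuserper'] != '') ? array($laPost['supuserper']) : $laPost['adminper'];
                foreach ($laGranted as $lsPermission) {
                    $lapermission = array($liNewUserId, $lsPermission, time(), $lsAdminId, $lsRemoteIp);
                    $lsInsertedrows = $users->Insert($lsPermissionInsertSql, $lapermission, null);
                }

                // Link the new account to the 'admin' role.
                $laroleid = $userrole->GetRoleID(array('admin'), null);
                $lauserinrolevalue = array($liNewUserId, $laroleid[0]['id'], time(), $lsAdminId, $lsRemoteIp);
                $user = $userinrole->Insert('', $lauserinrolevalue, null);
            }

            $smarty->assign('msg', 'New user added successfully.');
            $message->SetMessage('Admin is successfully added.');
            if (isset($_SESSION[SESSION_PREFIX.'page_referrer'])) {
                Redirect($_SESSION[SESSION_PREFIX.'page_referrer'], true);
            } else {
                Redirect('./admin_admin_v.php');
            }
        } else {
            // Username taken: re-render the form with the posted values and its lookups.
            $smarty->assign('post', $_POST);
            $smarty->assign('msg', 'Username already Exist.');
            $smarty->assign('permissionarray', $users->GetadminPermission("2"));
            $smarty->assign('supadminpermission', $users->GetadminPermission("1"));
            $smarty->assign('status', $users->GetUserStatus());
            $smarty->assign('laLockedout', $laLockedout);
            $smarty->display('admin_admin_m.tpl');
        }
        break;

    case 'update':
        $lsUid = $laPost['uid'];
        $key = $users->getSecretsaltById($lsUid);
        $lsTargetName = trim($laPost['username']);
        $lsEditorName = trim($_SESSION[SESSION_PREFIX.'Admin_UserName']);
        $lsValues = array();
        // Only 'administrator' itself may change the 'administrator' password; any admin
        // may change the password of any other admin. (Equivalent to the original
        // "A or (B and not A)" condition.)
        if ($lsEditorName == 'administrator' || $lsTargetName != 'administrator') {
            $query = "update ".TABLE_PREFIX."users set  `password`=?,Email=?,modifiedon=?,modifiedby=?,modifiedipaddress=?,isapproved=?,islockedout=?,isunsubscribedfromemails=?  where id=?";
            $lsValues[] = encrypt($laPost['password'], $key);
        } else {
            $query = "update ".TABLE_PREFIX."users set Email=?,modifiedon=?,modifiedby=?,modifiedipaddress=?,isapproved=?,islockedout=?,isunsubscribedfromemails=?  where id=?";
        }
        $lsValues[] = $laPost['email'];
        $lsValues[] = time();
        $lsValues[] = $lsAdminId;
        $lsValues[] = $lsRemoteIp;
        $lsValues[] = ($laPost['isapproved'] == "1") ? $laPost['isapproved'] : 0;
        // The built-in 'administrator' account can never be locked out.
        $lsValues[] = ($lsTargetName == 'administrator') ? 0 : $laPost['islockedout'];
        $lsValues[] = ($laPost['isUnsubscribe'] == "1") ? $laPost['isUnsubscribe'] : 0;
        $lsValues[] = $lsUid;
        // The types argument was an undefined variable on this path; pass null like every other call.
        $lsUpdatedrows = $users->Update($query, $lsValues, null);
        // NOTE(review): if Update() reports affected rows, a submit that changes only the
        // permission checkboxes would skip the block below — confirm against users_class.
        if ($lsUpdatedrows > 0) {
            // Replace the permission set: drop every row, then re-insert the posted ones.
            $users->delete("delete from ".TABLE_PREFIX."users_permissions where userid=?", array($lsUid), null);
            $laGranted = ($laPost['supuserper'] != '') ? array($laPost['supuserper']) : $laPost['adminper'];
            foreach ($laGranted as $lsPermission) {
                $lapermission = array($lsUid, $lsPermission, time(), $lsAdminId, $lsRemoteIp);
                $lsInsertedrows = $users->Insert($lsPermissionInsertSql, $lapermission, null);
            }
        }
        $message->SetMessage('Admin is Successfully updated.');
        if (isset($_SESSION[SESSION_PREFIX.'page_referrer'])) {
            Redirect($_SESSION[SESSION_PREFIX.'page_referrer'], true);
        } else {
            Redirect('./admin_admin_v.php');
        }
        break;

    case 'delete':
        if ($users->IsAdminhavePermission($_SESSION[SESSION_PREFIX.'Admin_UserID'], 'Can delete admins') == false) {
            Redirect('admin_nopermission.php', true);
            exit; // see the browse check above
        }
        $laduser = array(isset($_GET['id']) ? $_GET['id'] : '');
        $laedituserinfo = $users->view("SELECT * FROM ".TABLE_PREFIX."users where id=?", $laduser, null);
        $lsTargetName = isset($laedituserinfo[0]['username']) ? $laedituserinfo[0]['username'] : '';
        // Query string carried back to the list page (every parameter except action).
        // Initialised up front: the original built it only on the delete path but read
        // it on both, leaving it undefined for the protected account.
        $quest = "&";
        // NOTE(review): the protected name here is 'admin' while 'update' protects
        // 'administrator'; one of the two looks wrong, but which cannot be told from this file.
        if ($lsTargetName != 'admin') {
            $lsdeletedrows = $users->delete("delete from ".TABLE_PREFIX."users where id=?", $laduser, null);
            if ($lsdeletedrows > 0) {
                $userinrole->delete('', $laduser, null);
                $users->delete("delete from ".TABLE_PREFIX."users_permissions where userid=?", $laduser, null);
            }
            $message->SetMessage('Admin is successfully deleted.');
            foreach ($_GET as $keyname => $value) {
                // urlencode so a crafted parameter cannot break out of the redirect URL.
                if (strtoupper($keyname) != 'ACTION' && !is_array($value)) {
                    $quest .= urlencode($keyname)."=".urlencode($value)."&";
                }
            }
        } else {
            $message->SetMessage('The inbuilt system administrator is not allowed to delete.');
        }
        if (isset($_SESSION[SESSION_PREFIX.'page_referrer'])) {
            Redirect($_SESSION[SESSION_PREFIX.'page_referrer'], true);
        } else {
            Redirect("./admin_admin_v.php?$quest");
        }
        break;

    case 'edit':
        if ($users->IsAdminhavePermission($_SESSION[SESSION_PREFIX.'Admin_UserID'], 'Can edit admins') == false) {
            Redirect('admin_nopermission.php', true);
            exit; // see the browse check above
        }
        $lsEditId = isset($_GET['id']) ? $_GET['id'] : '';
        $lsupdateid = array($lsEditId);
        $key = $users->getSecretsaltById($lsEditId);
        $laedituserinfo = $users->view("SELECT * FROM ".TABLE_PREFIX."users where id=?", $lsupdateid, null);
        // The stored password is reversible and is decrypted here so the form can show it.
        if (isset($laedituserinfo[0]['password'])) {
            $laedituserinfo[0]['password'] = decrypt($laedituserinfo[0]['password'], $key);
        }
        $smarty->assign('userdata', $laedituserinfo);
        $smarty->assign('IsEdit', 'yes');

        $laepermission = $users->view("SELECT permission FROM ".TABLE_PREFIX."users_permissions where userid=?", $lsupdateid, null);
        $smarty->assign('totrecord', is_array($laepermission) ? count($laepermission) : 0);
        $smarty->assign('userperdata1', $laepermission);
        $smarty->assign('userperdata2', $laepermission);
        $smarty->assign('laLockedout', $laLockedout);
        $smarty->assign('permissionarray', $users->GetadminPermission("2"));
        $smarty->assign('supadminpermission', $users->GetadminPermission("1"));
        $smarty->assign('lsloggedinusername', trim($_SESSION[SESSION_PREFIX.'Admin_UserName']));
        $smarty->display('admin_admin_m.tpl');
        break;

    default:
        if ($users->IsAdminhavePermission($_SESSION[SESSION_PREFIX.'Admin_UserID'], 'Can add admins') == false) {
            Redirect('admin_nopermission.php', true);
            exit; // see the browse check above
        }
        // Empty "add admin" form.
        $smarty->assign('laLockedout', $laLockedout);
        $smarty->assign('permissionarray', $users->GetadminPermission("2"));
        $smarty->assign('supadminpermission', $users->GetadminPermission("1"));
        $smarty->display('admin_admin_m.tpl');
}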