<?php
// Page bootstrap: start the session, load configuration, helpers and the page
// header, refuse any backend other than MySQL, then call connect_to() with the
// database settings.
// NOTE(review): no login or role check is visible in this file; confirm that
// one of the included files enforces access control before this
// user-management page does any work.
session_start();
include_once getcwd() . "/../includes/configuration.php";
include_once getcwd() . "/../includes/misc.php";
include_once getcwd() . "/../layout/header.php";

// Everything below issues mysql_* calls directly, so other backends stop here.
if ("mysql" != $backend) {
	exit("mysql backend required");
}

// NOTE(review): presumably $backend and the $db* settings come from
// configuration.php and connect_to() from misc.php — confirm.
connect_to($dbhost, $dbuser, $dbpass, $dbname);

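// Add-user handler: runs when the "Add User" form posts forsure=yes.
// The name "admin" is refused, as in the original check.
// Request fields are read through isset()/is_string() so that a plain page
// load or an array-valued field raises no notices or warnings, and an empty
// name or an empty password no longer creates an account.
// NOTE(review): passwords are stored as unsalted MD5. Moving to
// password_hash()/password_verify() needs a matching change in the login code
// and possibly a wider `pass` column, neither of which is visible here.
// NOTE(review): no anti-CSRF token and no authorization check are visible in
// this handler; confirm they are enforced by the included files.
// NOTE(review): the "admin" comparison is case-sensitive; whether variants
// such as "Admin" must also be refused depends on how the login code and the
// column collation compare names — confirm.
$confirmed = isset($_POST["forsure"]) && $_POST["forsure"] === "yes";
$newUser = (isset($_POST["newuser"]) && is_string($_POST["newuser"])) ? $_POST["newuser"] : "";
$newPassword = (isset($_POST["newpassword"]) && is_string($_POST["newpassword"])) ? $_POST["newpassword"] : "";

if($confirmed && $newUser !== "" && $newUser !== "admin" && $newPassword !== "")
{
	// The name is escaped for the SQL string; md5() output is hex and needs no escaping.
	$sql0 = "INSERT INTO `users` (`user`, `pass`) VALUES ('".mysql_real_escape_string($newUser)."', '".md5($newPassword)."')";
	$insertResult0 = mysql_query($sql0);
}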

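// Action dispatcher for one user row:
//   GET  action=delete -> remove the row with the given ID
//   GET  action=modify -> print the "Update User" form for that row and stop
//   POST action=update -> rename the user and, if the old password matches and
//                         both new-password fields agree, replace the hash
// Request fields are read through isset()/is_string() so missing or
// array-valued parameters raise no notices and never reach the queries.
// NOTE(review): delete is a state change triggered by a plain GET link with no
// anti-CSRF token; moving it to POST needs a matching change to the links in
// the user list.
// NOTE(review): no authorization check is visible here; confirm the included
// files enforce one.
// NOTE(review): the update branch renames the user even when the old password
// is wrong or blank, and does not refuse the name "admin" the way the add-user
// handler does — confirm both are intended.
$requestedAction = (isset($_GET["action"]) && is_string($_GET["action"])) ? $_GET["action"] : "";
$submittedAction = (isset($_POST["action"]) && is_string($_POST["action"])) ? $_POST["action"] : "";

if($requestedAction === "delete")
{
	$targetId = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : "";

	// Without an id there is nothing to delete; skip the query entirely.
	if($targetId !== "")
	{
		$sql0 = "DELETE FROM `users` WHERE `ID` = '".mysql_real_escape_string($targetId)."'";
		$deleteResult0 = mysql_query($sql0);
	}
}
elseif($requestedAction === "modify")
{
	$targetId = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : "";

	$sql0 = "SELECT * FROM `users` WHERE `ID` = '".mysql_real_escape_string($targetId)."'";
	$selectResult0 = mysql_query($sql0);

	// A failed query or an unknown ID leaves $row false and the form empty.
	$row = $selectResult0 ? mysql_fetch_array($selectResult0) : false;

	// Stored values are written into HTML attributes, so they are escaped first;
	// a user name containing quotes or markup would otherwise break out of the
	// value attribute (stored XSS).
	$formId = $row ? htmlspecialchars($row["ID"], ENT_QUOTES) : "";
	$formUser = $row ? htmlspecialchars($row["user"], ENT_QUOTES) : "";

	echo( "
<h2>Update User</h2>
<form action=\"users.php\" method=\"post\">
<input type=\"hidden\" name=\"action\" value=\"update\">
<input type=\"hidden\" name=\"id\" value=\"".$formId."\">
Name: <input name=\"newuser\" value=\"".$formUser."\"><br>
Old Password: <input type=\"password\" name=\"oldpassword\"><br>
New Password: <input type=\"password\" name=\"newpassword\"><br>
Retype Password: <input type=\"password\" name=\"newpassword2\"><br>
<input type=\"Button\" value=\"Check\" onclick=\"javascript:this.value='Please Wait';this.disabled=1;document.forms[0].submit()\">
" );
die();
}
elseif($submittedAction === "update")
{
	$targetId = (isset($_POST["id"]) && is_string($_POST["id"])) ? $_POST["id"] : "";
	$newUser = (isset($_POST["newuser"]) && is_string($_POST["newuser"])) ? $_POST["newuser"] : "";
	$oldPassword = (isset($_POST["oldpassword"]) && is_string($_POST["oldpassword"])) ? $_POST["oldpassword"] : "";
	$newPassword = (isset($_POST["newpassword"]) && is_string($_POST["newpassword"])) ? $_POST["newpassword"] : "";
	$newPassword2 = (isset($_POST["newpassword2"]) && is_string($_POST["newpassword2"])) ? $_POST["newpassword2"] : "";

	$sql0 = "SELECT * FROM `users` WHERE `ID` = '".mysql_real_escape_string($targetId)."'";
	$selectResult0 = mysql_query($sql0);

	$row = $selectResult0 ? mysql_fetch_array($selectResult0) : false;

	// Only touch the table when the row actually exists.
	if($row)
	{
		// Strict comparison: with ==, two different strings that both look like
		// numbers (for example hashes of the form 0e followed by digits) compare
		// equal, which would accept a wrong old password. An empty new password
		// is not accepted as a change.
		// NOTE(review): unsalted MD5 is kept only because the login code that
		// reads this column is not visible here.
		if($newPassword !== "" && $newPassword === $newPassword2 && md5($oldPassword) === (string)$row["pass"])
		{
			$pass = md5($newPassword);
		}
		else
		{
			$pass = $row["pass"];
		}

		// An empty submitted name keeps the current one instead of blanking it.
		if($newUser === "")
		{
			$newUser = $row["user"];
		}

		// $pass may be the value read back from the database, so it is escaped
		// like every other value placed in the statement.
		$sql15 = "UPDATE `users` SET `user` = '".mysql_real_escape_string($newUser)."', `pass` = '".mysql_real_escape_string($pass)."' WHERE `ID` = '".mysql_real_escape_string($targetId)."'";
		$updateResult15 = mysql_query($sql15);
	}
}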

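// User list: prints a fixed "admin" row without links, then one row per record
// in `users` with Modify and Delete links.
// NOTE(review): the Delete link is a plain GET request; anything that can make
// a logged-in browser fetch that URL removes the account. Confirm whether a
// POST form with an anti-CSRF token is wanted.
$sql16 = "SELECT * FROM `users`";
$selectResult16 = mysql_query($sql16);

echo( "<table border=\"0\" cellpadding=\"0\" cellspacing=\"5\" width=\"100%\">
<tr><td>
<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">
<tr class=\"tableheader\"><td colspan=\"7\"><center><h3>Users</h3></center></td></tr>" );
echo( "<tr class=\"hovertr\"><td colspan=\"5\">admin</td><td colspan=\"2\">[Modify][Delete]</td></tr>" );
// A failed query yields false; skip the loop instead of fetching from it.
while($selectResult16 && ($row = mysql_fetch_array($selectResult16)))
{
$username = $row["user"];
$id = $row["ID"];
// User names are attacker-controllable text stored by the add/update handlers,
// so they are HTML-escaped before being printed (stored XSS otherwise). The ID
// goes into a URL inside an attribute: URL-encode, then HTML-escape.
$safeUsername = htmlspecialchars($username, ENT_QUOTES);
$safeId = htmlspecialchars(urlencode($id), ENT_QUOTES);
echo( "<tr class=\"hovertr\"><td colspan=\"5\">$safeUsername</td><td colspan=\"2\">[<a href=\"users.php?id=$safeId&action=modify\">Modify</a>][<a href=\"users.php?id=$safeId&action=delete\">Delete</a>]</td></tr>" );
}
echo( "
</table>
</td></tr>
</table>" );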


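// NOTE(review): these closing tags repeat the ones already printed after the
// user list; they are kept because the layout opened by header.php is not
// visible here.
echo( "
</table>
</td></tr>
</table>" );

// Add-user form. $file is never assigned in this script, so it is either empty
// or supplied from outside (an included file, or a request parameter where
// register_globals is enabled); it is escaped before being placed in the value
// attribute so it cannot inject markup.
$prefillName = (isset($file) && is_string($file)) ? htmlspecialchars($file, ENT_QUOTES) : "";
echo( "
<h2>Add User</h2>
<form action=\"users.php\" method=\"post\">
<input type=\"hidden\" name=\"forsure\" value=\"yes\">
Name: <input name=\"newuser\" value=\"$prefillName\"><br>
Password: <input type=\"password\" name=\"newpassword\"><br>
<input type=\"Button\" value=\"Check\" onclick=\"javascript:this.value='Please Wait';this.disabled=1;document.forms[0].submit()\">
" );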

?>