Location: PHPKode > projects > Network Managment / Inventory System > clearsite/include/admin/user.php
<?php

include_once("../config.php");
include_once("$cs_base_path/include/aloe/aloe_config.php");

$form_data = $_POST;

if (isset($_COOKIE['clearsite']['user_ID'])) {
  $user_ID = $_COOKIE['clearsite']['user_ID'];
  mysql_connect("$DBhost:$DBport",$DBuser,$DBpass) or die("Unable to connect to database");
  @mysql_select_db("$DBName") or die("Unable to select database $DBName");
  $user_level_query = "SELECT userlevel FROM user_data WHERE user_ID=\"$user_ID\"";
  $user_level_result = mysql_query($user_level_query);
  $user_level_row = mysql_fetch_assoc($user_level_result);
  $user_level = $user_level_row['userlevel'];
  mysql_close();
  if ($user_level == 2) {  
    if (!empty($form_data['act'])) {
      $mysqlerror = "";
      mysql_connect("$DBhost:$DBport",$DBuser,$DBpass) or die("Unable to connect to database");
      @mysql_select_db("$DBName") or die("Unable to select database $DBName");
      foreach ($form_data as $key => $value) {
        if (substr($key, 0, 6) == "level_") {
          $userlevel_update = "UPDATE user_data SET userlevel=\"$value\" WHERE user_ID=\"" . substr($key, 6) . "\"";
          $userlevel_result = mysql_query($userlevel_update);
        };
      };
      mysql_close();
    };
    print "
           <fieldset class=\"site_admin\">
    ";
    if (!empty($form_data['act'])) {
      print "<label><font class=\"admin_error\">Users Updated</font></label><br />";
    };
    print "
           <form action=\"$ClearsiteBaseURL/include/admin/user.php\" method=\"POST\" onsubmit=\"docClickLoader.submitInto(this, 'targetArea', event)\">
            <input type=\"hidden\" name=\"act\" value=\"update\">
    ";
    mysql_connect("$DBhost:$DBport",$DBuser,$DBpass) or die("Unable to connect to database");
    @mysql_select_db("$DBName") or die("Unable to select database $DBName");
    $user_list_query = "SELECT username, user_ID, userlevel FROM user_data ORDER BY username";
    $user_list_result = mysql_query ($user_list_query);
    while ($user_list_row = mysql_fetch_assoc($user_list_result)) {
      print "
             <label for=\"level_$user_list_row[user_ID]\">$user_list_row[username]</label>
      ";
      if ($user_list_row['username'] != "csadmin") {
        print "
               <select id=\"level_$user_list_row[user_ID]\" name=\"level_$user_list_row[user_ID]\">
                <option value=\"0\""; if ($user_list_row['userlevel'] == 0) { print " selected"; }; print " >User</option>
                <option value=\"1\""; if ($user_list_row['userlevel'] == 1) { print " selected"; }; print " >Power User</option>
                <option value=\"2\""; if ($user_list_row['userlevel'] == 2) { print " selected"; }; print " >Admin</option>
               </select>
        ";
      } else {
         print "Admin";
      };
      print "
             <br />
      ";
    };
    print "
            <p><input type=\"image\" name=\"Update\" value=\"Update\" src=\"$ClearsiteBaseURL/images/update.png\"></p>
           </form>
           </fieldset>
    ";
  } else {
    print "<font class=\"admin_error\">You don't have permission to access this page.</font><p>";
  };
} else {
  print "<font class=\"admin_error\">Please Log In</font><p>";
};

?>
Return current item: Network Managment / Inventory System