<?php

//
// Bootstrap: set the path to the application root, name this page, and load
// the shared include that the rest of the script depends on.
//
$root = '../';
$page_name = 'Manage users';
$page_file = basename(__FILE__);

// Assigned before common.php is included.
// NOTE(review): presumably read by the include to switch on admin behaviour - confirm.
$admin = 1;

include($root . "includes/common.php");

// Dispatch key taken from the query string. It is only compared against fixed
// mode names below; any other value falls through to the user list.
$page_mode = (isset($_GET['mode'])) ? $_GET['mode'] : '';

// Access gate for the whole page.
// NOTE(review): looks like this requires level '3' (labelled "Admin" in the edit
// form) - confirm that check_admin() stops the request when the check fails,
// because every branch below changes or reveals account data.
check_admin('3');

//
// Start the page
//

//dbstart();  //start database     --- already started

//
// Start the output of the page
//

// NOTE(review): presumably prints the admin page header markup - confirm.
admin_header('normal');

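if($page_mode == 'submitdelete')
{
    // Delete the account row whose id is given in the query string.
    //
    // The id is request data, so it is escaped before it is placed inside the
    // quoted SQL literal (it was concatenated unescaped before).
    // NOTE(review): if common.php already escapes request data, a value
    // containing quotes is escaped twice here and simply matches no row.
    //
    // NOTE(review): this destructive action is triggered by a plain GET link and
    // no per-session token is checked in this file. Confirm whether common.php
    // adds a request-forgery check; if not, move the action to POST with a token.
    $delete_id = isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : '';

    $query1 = "DELETE FROM " . $table['users'] . " WHERE id='" . $delete_id . "'";
    @$result1 = mysql_query($query1);
    if (!$result1)
    {
        // NOTE(review): the full statement and driver error are sent to the
        // browser; consider logging them server-side and showing a generic error.
        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
    }
    echo("User deleted");
}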
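else if($page_mode == 'delete')
{
    // Confirmation step before a delete: look the account up by id and ask the
    // administrator to confirm.
    //
    // Changes from the previous version:
    //  - the id from the query string is escaped before it enters the SQL literal;
    //  - the confirmation link is built from the id column of the row that was
    //    found (URL-encoded), so no request data is echoed back into the page;
    //  - the confirmation is only shown when a row was found.
    $lookup_id = isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : '';

    $query1 = "SELECT * FROM " . $table['users'] . " WHERE id='" . $lookup_id . "'";
    @$result1 = mysql_query($query1);

    @$id1 = mysql_result($result1,0,"id");
    if (!$id1)
    {
        message("No such user exists", 'message');
    }
    else
    {
        // The username is printed as stored. The editsubmit branch of this file
        // stores it HTML-encoded.
        // NOTE(review): confirm every other write path (e.g. registration) does
        // the same, otherwise this is a stored-markup sink.
        $username1 = mysql_result($result1,0,"username");
        message("Are you sure you want to delete " . $username1 . "? <a href=\"users.php?mode=submitdelete&id=" . urlencode($id1) . "\">yes</a>", 'message');
    }
}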
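else if($page_mode == 'editsubmit')
{
    // Apply the edit form to the account whose id is in the query string:
    // optional password change, profile fields, level/active flags and avatar.
    //
    // Changes from the previous version:
    //  - the id from the query string is escaped before it enters either UPDATE,
    //    and URL-encoded where it is written into the delete link;
    //  - the submitted username is HTML-encoded before it is echoed in the
    //    delete confirmation;
    //  - $message and $error are initialised instead of being used undefined;
    //  - the avatar link gets the same encoding as the other profile fields
    //    before it is stored (it was concatenated into the SQL unescaped);
    //  - uploads are accepted on the decoded image type and a restricted file
    //    name, not on the name and MIME type supplied by the client;
    //  - the "file already exists" check looks in the directory the file is
    //    actually moved to (it scanned the path without $root before);
    //  - the width check compares against $avatar_info, not the image array;
    //  - "website" is written by the UPDATE (it was prepared but never stored);
    //  - a rejected upload no longer blanks the stored avatar.
    //
    // NOTE(review): no request-forgery token is checked here; confirm whether
    // common.php provides one for admin POSTs.
    $message = '';
    $raw_id = isset($_GET['id']) ? $_GET['id'] : '';
    $edit_id = mysql_real_escape_string($raw_id);
    $posted_username = isset($_POST['username']) ? $_POST['username'] : '';

    if(empty($_POST['username']) || empty($_POST['style']))
    {
        message("Please go back and fill in all the required feilds (passwords aren't needed)", 'message');
        $keep_going_empty = 0;
    }
    else
    {
        $keep_going_empty = 1;
    }

    if(!empty($_POST['delete']))
    {
        message("Are you sure you want to delete " . htmlspecialchars($posted_username) . "? <a href=\"users.php?mode=submitdelete&id=" . urlencode($raw_id) . "\">yes</a>", 'message');
    }

    if($keep_going_empty)
    {
        if(!empty($_POST['password']))
        {
            $pass_confirm = isset($_POST['passconfirm']) ? $_POST['passconfirm'] : '';

            // Strict comparison: loose == treats some different numeric-looking
            // strings as equal.
            if($_POST['password'] === $pass_confirm)
            {
                // NOTE(review): $password is not assigned anywhere in this file.
                // Confirm where it is set and that it holds a salted password
                // hash of the submitted value, suitably escaped for SQL, rather
                // than the submitted text itself.
                $query1 = "UPDATE " . $table['users'] . " SET password='".$password."' WHERE id='" . $edit_id . "'";
                $result1 = mysql_query($query1);
                if (!$result1)
                {
                    message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
                }
                unset($query1);
                unset($result1);
            }
            else
            {
                $message .= "The passwords didn't match";
            }
        }

        // Profile fields are stored HTML-encoded and slash-escaped; the edit form
        // echoes them back without further encoding and relies on this.
        $username = htmlspecialchars(addslashes($_POST['username']));
        $email = htmlspecialchars(addslashes($_POST['email']));
        $website = htmlspecialchars(addslashes($_POST['website']));
        $occupation = htmlspecialchars(addslashes($_POST['occupation']));
        $interests = htmlspecialchars(addslashes($_POST['interests']));
        $style = htmlspecialchars(addslashes($_POST['style']));
        $signature = htmlspecialchars(addslashes($_POST['signature']));
        $level = htmlspecialchars(addslashes($_POST['level']));
        $active = htmlspecialchars(addslashes($_POST['active']));

        // NOTE(review): file inputs arrive in $_FILES, not $_POST, and the edit
        // form in this file has no multipart enctype, so the upload branch below
        // only runs when a POST field named avatar_upload is also present -
        // confirm the intended trigger before enabling uploads.
        $avatar_upload = isset($_POST['avatar_upload']) ? $_POST['avatar_upload'] : '';
        $avatar_link = isset($_POST['avatar_link']) ? $_POST['avatar_link'] : '';

        if(empty($avatar_upload) && empty($avatar_link))
        {
            $avatar = '0,';
        }
        else if(!empty($avatar_upload))
        {
            $avatar_info = explode(',', $site_data['avatar_info']);
            $upload = isset($_FILES['avatar_upload']) ? $_FILES['avatar_upload'] : null;

            // The stored name is reduced to its last path component and must be
            // a single base name plus one image extension, so it cannot carry
            // path separators, a second extension, or characters that are
            // special in SQL or HTML.
            $upload_name = $upload ? basename($upload['name']) : '';
            $name_ok = (bool) preg_match('/^[A-Za-z0-9_-]+\.(gif|jpe?g)$/i', $upload_name);

            // Type is decided from the file contents, not the client's MIME header.
            $avatar_dimentions = false;
            if($upload && is_uploaded_file($upload['tmp_name']))
            {
                $avatar_dimentions = @getimagesize($upload['tmp_name']);
            }
            $type_ok = $avatar_dimentions && in_array($avatar_dimentions[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG), true);

            $destination = $root . $avatar_info['3'] . "/" . $upload_name;
            $error = ($name_ok && file_exists($destination)) ? 1 : 0;

            // NOTE(review): the same limit ($avatar_info['4']) is applied to
            // width and height, matching the square size named in the message -
            // confirm against the avatar_info layout.
            if($avatar_dimentions && (($avatar_dimentions[0] > $avatar_info['4']) || ($avatar_dimentions[1] > $avatar_info['4'])))
            {
                $error_to_large ="Your avatar is to big... please downsize it below 90x90";
            }

            if($name_ok && $type_ok && $upload['size'] < $avatar_info['6'] && !$error && !isset($error_to_large))
            {
                if(move_uploaded_file($upload['tmp_name'], $destination))
                {
                    $avatar = '1,' . $upload_name;
                }
                else
                {
                    // No dump of $_FILES: it exposes server temp paths to the browser.
                    $message .= "Could not store the avatar; check that the avatar directory is writable by the web server<br />";
                }
            }
            else if($upload && $upload['size'] > $avatar_info['6'])
            {
                $message .= "Avatar size is to large<br />";
            }
            else if($error)
            {
                $message .= "Your avatar file name already exists. Please rename it and upload it again. (everything else has been updated)<br />";
            }
            else if(isset($error_to_large))
            {
                $message .= $error_to_large;
            }
            else if($type_ok && !$name_ok)
            {
                $message .= "Avatar file names may only contain letters, numbers, - and _ and must end in .gif, .jpg or .jpeg<br />";
            }
            else
            {
                $message .= "Your avatar must be a .gif or .jpg (jpeg)<br />";
            }
        }
        else if(!empty($avatar_link))
        {
            // Stored encoded like the other fields; the edit form writes it
            // straight into an img src attribute.
            // NOTE(review): consider also restricting the link to http/https URLs.
            $avatar = "2," . htmlspecialchars(addslashes($avatar_link));
        }
        if(!empty($avatar_upload) && !empty($avatar_link))
        {
            $message .= "You used both Link avatar and Upload avatar... The upload one was used<br />";
        }

        // Leave the stored avatar untouched when no new value was accepted.
        $avatar_clause = isset($avatar) ? ", avatar='" . $avatar . "'" : '';

        $query1 = "UPDATE " . $table['users'] . " SET username = '".$username."', email='".$email."', website='".$website."', occupation='".$occupation."', interests='".$interests."', signature='".$signature."'" . $avatar_clause . ", style='".$style."', level = '" . $level . "', active = '" . $active . "' WHERE id='" . $edit_id . "'";
        $result1 = mysql_query($query1);
        if (!$result1)
        {
            message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
        }
        else
        {
            $message .= "Update succesful";
        }

        unset($query1);
        unset($result1);
    }

    echo($message);
}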
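else if($page_mode == 'edit')
{
	// Edit form: look an account up by username (POST "id" from the search box,
	// or GET "id" from the list link) and render its fields for editing.
	//
	// Changes from the previous version:
	//  - the lookup value is escaped before it enters the SQL literal;
	//  - the form is only rendered when a row was found;
	//  - the current-avatar markup is kept in its own variable (it used to be
	//    overwritten by the site avatar settings, so the page printed "Array");
	//  - the level "selected" markers are initialised for unknown levels;
	//  - a duplicated closing </td> after the upload field is removed.
	//
	// Stored profile values are echoed as they are in the database. The
	// editsubmit branch stores them HTML-encoded; encoding again here would
	// double-encode them on every save.
	// NOTE(review): confirm that every other write path to the users table
	// encodes the same way, otherwise these echoes are stored-markup sinks.
	$user_id = '';
	if(isset($_POST['id']))
	{
		$user_id = $_POST['id'];
	}
	else if(isset($_GET['id']))
	{
		$user_id = $_GET['id'];
	}

	$query1 = "SELECT * FROM " . $table['users'] . " WHERE username='". mysql_real_escape_string($user_id) ."'";
	@$result1 = mysql_query($query1);

	@$id1 = mysql_result($result1,0,"id");
	if (!$id1)
	{
		message("No such user exists", 'message');
	}
	else
	{
		$username1 = mysql_result($result1,0,"username");
		$email1 = text_edit(mysql_result($result1,0,"email"));
		$website1 = mysql_result($result1,0,"website");
		$occupation1 = mysql_result($result1,0,"occupation");
		$interests1 = mysql_result($result1,0,"interests");
		$signature1 = mysql_result($result1,0,"signature");
		$avatar1 = mysql_result($result1,0,"avatar");
		$style1 = mysql_result($result1,0,"style");
		$level1 = mysql_result($result1,0,"level");
		$active1 = mysql_result($result1,0,"active");

		// Site-wide avatar settings, comma separated. This block reads
		// [0], [1] (upload field shown), [2] (link field shown) and [3] (directory).
		$avatar_settings = explode(',', $site_data['avatar_info']);

		// The stored avatar is "<kind>,<value>": kind '2' is a link, any other
		// non-empty kind is a file name inside the avatar directory.
		$avatar_parts = explode(',', $avatar1);
		if(!$avatar_parts['0'])
		{
			$avatar_html = "no avatar";
		}
		else if($avatar_parts['0'] == '2')
		{
			$avatar_html = "<img src=\"" . $avatar_parts['1'] . "\">";
		}
		else
		{
			$avatar_html = "<img src=\"" . $root.$avatar_settings['3']."/".$avatar_parts['1'] . "\">";
		}

		// Exactly one level option is pre-selected; none for an unknown level.
		$user_checked = ($level1 == '1') ? "SELECTED=\"selected\"" : "";
		$mod_checked = ($level1 == '2') ? "SELECTED=\"selected\"" : "";
		$admin_checked = ($level1 == '3') ? "SELECTED=\"selected\"" : "";

		// NOTE(review): the form has no multipart enctype, so the file field
		// below cannot deliver a file as written - confirm whether uploads are
		// meant to be available from this page.
?>
	<form action="<?php echo (get_sid('users.php?mode=editsubmit&id='.$id1)); ?>" method="post">
	<table width="100%" border="1" cellspacing="4" cellpadding="4">
	    <tr>
	        <td width="40%">*Username:</td>
	        <td width="60%"><input type="text" name="username" value="<?php echo($username1); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">New Password:</td>
	        <td width="60%"><input type="password" name="password" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">New Password Confirm:</td>
	        <td width="60%"><input type="password" name="passconfirm" value=""></td>
	    </tr>
	    <tr>
	        <td width="40%">*E-mail:</td>
	        <td width="60%"><input type="text" name="email" value="<?php echo($email1); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Web site:</td>
	        <td width="60%"><input type="text" name="website" value="<?php echo($website1); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Occupation:</td>
	        <td width="60%"><input type="text" name="occupation" value="<?php echo($occupation1); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Interests:</td>
	        <td width="60%"><input type="text" name="interests" value="<?php echo($interests1); ?>"></td>
	    </tr>
	    <tr>
	        <td width="40%">Style:</td>
	        <td width="60%"><?php styles_menu($style1); ?></td>
	    </tr>
	    <tr>
	        <td width="40%">Signature:</td>
	        <td width="60%"><textarea rows=5 cols=20 wrap="off" name="signature"><?php echo($signature1); ?></textarea></td>
	    </tr>
<?php
		if($avatar_settings['0'] && ($avatar_settings['1'] || $avatar_settings['2']))
		{
?>
	    <tr>
	        <td width="40%">Avatar:<br /><font size="-1">An avatar is a small image displayed under your name on all of your posts.</font></td>
	        <td width="60%">
	        <table width="100%">
	            <tr>
	                <td width="90%">
<?php
			if($avatar_settings['2'])
			{
?>
	                Link: <input type="text" name="avatar_link">
	                <br>
<?php
			}
			if($avatar_settings['1'])
			{
?>
	                Upload: <input name="avatar_upload" type="file">
<?php
			}
?>
	                </td>
	                <td>
	                <div align="right"><?php echo($avatar_html); ?></div>
	                </td>
	            </tr>
	        </table>
	        </td>
	    </tr>
<?php
		}
?>
	    <tr>
	        <td width="40%">User level:</td>
	        <td width="60%">
<select size="1" name="level">
  <option value="1" <?php echo($user_checked); ?>>User</option>
  <option value="2" <?php echo($mod_checked); ?>>MOD</option>
  <option value="3" <?php echo($admin_checked); ?>>Admin</option>
</select></td>
	    </tr>
	    <tr>
	        <td width="40%">Active:</td>
	        <td width="60%">
<?php
		if($active1)
		{
?>
Yes: <input type="radio" value="1" checked name="active"> No:<input type="radio" value="0" name="active">
<?php
		}
		else
		{
?>
Yes: <input type="radio" value="1" name="active"> No:<input type="radio" value="0" checked name="active">
<?php
		}
?>
</td>
	    </tr>
	    <tr>
	        <td width="40%">DELETE user:</td>
	        <td width="60%"><input type="checkbox" name="delete" value="1"></td>
	    </tr>
	    <tr>
	        <td colspan="2"><center><input type="submit" value="Update"></center></td>
	    </tr>
	</table>
	*required feild
	</form>
<?php
	}
}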
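else
{
	// Default view: a search box plus a paginated table of all accounts.
	//
	// Changes from the previous version:
	//  - the page number from the query string is forced to an integer >= 1, so
	//    the LIMIT offset can no longer be negative or non-numeric;
	//  - the failure check after the page query tests $result2 (it tested
	//    $result1, so a failed page query went unnoticed);
	//  - the row count uses COUNT(*) instead of fetching every row;
	//  - the username in the edit link is URL-encoded;
	//  - the missing </td> in the last cell of each row is added;
	//  - the page-number loop uses ceil() and prints the same links as before.
	//
	// Usernames and e-mail addresses are echoed as stored; the editsubmit branch
	// of this file stores them HTML-encoded.
	// NOTE(review): confirm every other write path does the same.
?>


<form action="users.php?mode=edit" method="post">
Edit a user: <input type="text" name="id" value=""> <input type="submit" value="Go">
</form>
<table width="100%" border="1">
	<tr>
    	<td width="40%"><b>Username:</b></td>
        <td width="30%"><b>Email:</b></td>
        <td width="10%"><b>Active:</b></td>
        <td width="20%"><b>Edit/delete:</b></td>
    </tr>
<?php

	$limit = 30;

	$query1 = "SELECT COUNT(*) FROM " . $table['users'];
	$result1 = mysql_query($query1);
	if (!$result1)
	{
		message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
	}
	$totalrows = (int) mysql_result($result1, 0);

	$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
	if($page < 1)
	{
		$page = 1;
	}

	$limitvalue = ($page - 1) * $limit;

	$query2 = "SELECT * FROM " . $table['users'] . " LIMIT $limitvalue, $limit";
	$result2 = mysql_query($query2);
	if (!$result2)
	{
		message("Could not successfully run query ($query2) from DB: " . mysql_error(), 'die');
	}

	while ($row = mysql_fetch_assoc($result2))
	{
		// NOTE(review): no branch in this file handles mode=active, so these
		// links currently land on this list again. If a handler is added, it
		// changes state and should not be reachable by a plain GET link.
		if($row['active'])
		{
			$active_link = "<a href=\"users.php?mode=active&id=" . $row['id'] . "\">Yes</a>";
		}
		else
		{
			$active_link = "<a href=\"users.php?mode=active&id=" . $row['id'] . "&make=yes\">No</a>";
		}
?>
	<tr>
    	<td><?php echo($row['username']); ?></td>
        <td><?php echo($row['email']); ?></td>
        <td><?php echo($active_link); ?></td>
        <td><a href="users.php?mode=edit&id=<?php echo(urlencode($row['username'])); ?>">Edit</a>/<a href="users.php?mode=delete&id=<?php echo($row['id']); ?>">DELETE</a></td>
    </tr>
<?php
	}
?>
</table>
<?php
	if($totalrows > $limit)
	{
		if($page != 1)
		{
			$pageprev = $page - 1;

			echo("<a href=\"users.php?page=" . $pageprev . "\">PREV</a> ");
		}
		else
		{
			echo("PREV ");
		}

		// One entry per page, including a final partial page.
		$numofpages = (int) ceil($totalrows / $limit);

		for($i = 1; $i <= $numofpages; $i++)
		{
			if($i == $page)
			{
				echo($i." ");
			}
			else
			{
				echo("<a href=\"users.php?page=" . $i . "\">" . $i . "</a> ");
			}
		}

		if(($totalrows - ($limit * $page)) > 0)
		{
			$pagenext = $page + 1;

			echo("<a href=\"users.php?page=" . $pagenext . "\">NEXT</a>");
		}
		else
		{
			echo("NEXT");
		}
	}
}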

// Runs after whichever branch above produced the page body.
// NOTE(review): presumably prints the closing admin page markup - confirm.
admin_footer('normal');

//
// End the page
//

dbend(); // end the database

?>