<?php
//
//start everything needed
//
// Page bootstrap. These variables are assigned before common.php is included.
// NOTE(review): common.php is presumably what consumes them and what opens the
// database connection (the original comment here said it was "already started") - confirm.
$root = '../';
$page_name = 'Manage users';
$page_file = basename(__FILE__);
$admin = 1;
include($root . "includes/common.php");

// Requested action. With no "mode" parameter the page falls through to the user list.
$page_mode = '';
if (isset($_GET['mode']))
{
    $page_mode = $_GET['mode'];
}

// Access gate for the whole page.
// NOTE(review): presumably limits the page to level-3 accounts (the edit form below
// labels level 3 "Admin"). Every query further down relies on this call stopping the
// request when the check fails - verify that check_admin() halts rather than returns.
check_admin('3');

// Begin page output.
admin_header('normal');
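// Mode "submitdelete": delete the user row whose id is given in the query string.
// NOTE(review): this destructive action runs on a plain GET request and no anti-CSRF
// token is checked in this file. It should move to POST with a per-session token;
// the token helper, if one exists, is not visible here.
if($page_mode == 'submitdelete')
{
    // The id is request data placed inside a quoted SQL literal, so it is escaped
    // first. Assumes magic_quotes_gpc is off - TODO confirm.
    $delete_id = isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : '';
    $query1 = "DELETE FROM " . $table['users'] . " WHERE id='" . $delete_id . "'";
    $result1 = @mysql_query($query1);
    if (!$result1)
    {
        // NOTE(review): the full SQL text and the driver error are handed to message();
        // consider logging them server-side and showing a generic error instead.
        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
    }
    // Printed whenever the query ran without error, even if no row matched the id.
    echo("User deleted");
}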
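// Mode "delete": look the user up by id and show a confirmation link that leads to
// mode "submitdelete".
else if($page_mode == 'delete')
{
    // Request data goes into a quoted SQL literal, so escape it first.
    // Assumes magic_quotes_gpc is off - TODO confirm.
    $lookup_id = isset($_GET['id']) ? mysql_real_escape_string($_GET['id']) : '';
    $query1 = "SELECT * FROM " . $table['users'] . " WHERE id='" . $lookup_id . "'";
    $result1 = @mysql_query($query1);
    $id1 = @mysql_result($result1,0,"id");
    if (!$id1)
    {
        message("No such user exists", 'message');
    }
    else
    {
        // Only offer the confirmation link when a row was actually found.
        $username1 = mysql_result($result1,0,"username");
        // The link is built from the id read back from the database, URL-encoded,
        // rather than by echoing the raw request parameter into the markup.
        // NOTE(review): $username1 is printed as stored. message() appears to emit HTML
        // unescaped (it is handed an <a> tag here), so this relies on usernames being
        // HTML-encoded when they are written - confirm for every code path that
        // creates or renames users.
        message("Are you sure you want to delete " . $username1 . "? <a href=\"users.php?mode=submitdelete&id=" . urlencode($id1) . "\">yes</a>", 'message');
    }
}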
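// Mode "editsubmit": apply the posted edit form to the user row named by GET "id".
// Status text is collected in $message and printed at the end of the branch.
// NOTE(review): no anti-CSRF token is checked before these writes, which include the
// account level and the password - add one once the session helper is known.
else if($page_mode == 'editsubmit')
{
    // Keep anything an included file may already have put into $message.
    if (!isset($message))
    {
        $message = '';
    }
    // The row id is request data; it is escaped once here and reused in both UPDATEs.
    // Assumes magic_quotes_gpc is off (the original applied addslashes() itself) - TODO confirm.
    $edit_id_raw = isset($_GET['id']) ? $_GET['id'] : '';
    $edit_id = mysql_real_escape_string($edit_id_raw);
    $posted_username = isset($_POST['username']) ? $_POST['username'] : '';

    if(empty($_POST['username']) || empty($_POST['style']))
    {
        message("Please go back and fill in all the required feilds (passwords aren't needed)", 'message');
        $keep_going_empty = 0;
    }
    else
    {
        $keep_going_empty = 1;
    }
    if(!empty($_POST['delete']))
    {
        // Both values come from the request, so they are encoded for the context they
        // land in: HTML text for the name, a URL parameter for the id.
        message("Are you sure you want to delete " . htmlspecialchars($posted_username, ENT_QUOTES) . "? <a href=\"users.php?mode=submitdelete&id=" . urlencode($edit_id_raw) . "\">yes</a>", 'message');
    }
    if($keep_going_empty)
    {
        if(!empty($_POST['password']))
        {
            $pass_confirm = isset($_POST['passconfirm']) ? $_POST['passconfirm'] : '';
            // Strict comparison: "==" compares numeric-looking strings as numbers.
            if($_POST['password'] === $pass_confirm)
            {
                // NOTE(review): $password is never assigned in this branch. It is either
                // provided by common.php / register_globals or undefined. It should be
                // derived from $_POST['password'] with the same hashing the login code
                // uses; that scheme is not visible from this file.
                if (!isset($password))
                {
                    // Do not overwrite the stored password with an empty value.
                    $message .= "The password was not changed<br />";
                }
                else
                {
                    $query1 = "UPDATE " . $table['users'] . " SET password='" . mysql_real_escape_string($password) . "' WHERE id='" . $edit_id . "'";
                    $result1 = mysql_query($query1);
                    if (!$result1)
                    {
                        // NOTE(review): this error text contains the password value from the query.
                        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
                    }
                    unset($query1);
                    unset($result1);
                }
            }
            else
            {
                $message .= "The passwords didn't match";
            }
        }
        // Text fields are HTML-encoded and then escaped with the database driver's own
        // routine instead of addslashes(); the value that ends up stored is the same.
        $username = mysql_real_escape_string(htmlspecialchars($posted_username));
        $email = mysql_real_escape_string(htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : ''));
        // NOTE(review): $website is prepared but the UPDATE below never writes it - confirm
        // whether the website column should be part of the statement.
        $website = mysql_real_escape_string(htmlspecialchars(isset($_POST['website']) ? $_POST['website'] : ''));
        $occupation = mysql_real_escape_string(htmlspecialchars(isset($_POST['occupation']) ? $_POST['occupation'] : ''));
        $interests = mysql_real_escape_string(htmlspecialchars(isset($_POST['interests']) ? $_POST['interests'] : ''));
        $style = mysql_real_escape_string(htmlspecialchars(isset($_POST['style']) ? $_POST['style'] : ''));
        $signature = mysql_real_escape_string(htmlspecialchars(isset($_POST['signature']) ? $_POST['signature'] : ''));
        $level = mysql_real_escape_string(htmlspecialchars(isset($_POST['level']) ? $_POST['level'] : ''));
        $active = mysql_real_escape_string(htmlspecialchars(isset($_POST['active']) ? $_POST['active'] : ''));

        // $avatar stays null unless a new value is accepted; the avatar column is then
        // left untouched, which is what the "everything else has been updated" text promises.
        $avatar = null;
        $avatar_upload = isset($_POST['avatar_upload']) ? $_POST['avatar_upload'] : '';
        $avatar_link = isset($_POST['avatar_link']) ? $_POST['avatar_link'] : '';
        // A real file upload arrives in $_FILES, not $_POST. A form sent without
        // multipart encoding only posts the file name as text, so both are checked.
        $upload_requested = !empty($avatar_upload) || !empty($_FILES['avatar_upload']['name']);
        if(!$upload_requested && empty($avatar_link))
        {
            $avatar = '0,';
        }
        else if($upload_requested)
        {
            if (!isset($_FILES['avatar_upload']) || !is_uploaded_file($_FILES['avatar_upload']['tmp_name']))
            {
                $message .= "The avatar upload was not received<br />";
            }
            else
            {
                $avatar_info = explode(',', $site_data['avatar_info']);
                $upload = $_FILES['avatar_upload'];
                // The client chooses the file name: drop any path part and accept only a
                // plain name with one image extension, so nothing the web server might
                // treat as a script can be written into the avatar directory.
                $upload_name = basename($upload['name']);
                $name_ok = preg_match('/^[A-Za-z0-9_-]+\.(gif|jpe?g)$/i', $upload_name);
                // The browser-declared MIME type is client-controlled; take the type from
                // the file content instead.
                $image_info = @getimagesize($upload['tmp_name']);
                $type_ok = ($image_info !== false) && ($image_info[2] == IMAGETYPE_GIF || $image_info[2] == IMAGETYPE_JPEG);
                // Look for an existing file at the path the upload will be moved to.
                $target_path = $root . $avatar_info['3'] . "/" . $upload_name;
                $error = file_exists($target_path) ? 1 : 0;
                // NOTE(review): the original compared the width against an index of the
                // getimagesize() result that does not exist. Index 4 of avatar_info is used
                // for both sides here; if the settings hold a separate width limit
                // (index 5 is otherwise unused), switch the width comparison to it.
                $too_large = $type_ok && (($image_info[0] > $avatar_info['4']) || ($image_info[1] > $avatar_info['4']));

                if($upload['size'] >= $avatar_info['6'])
                {
                    $message .= "Avatar size is to large<br />";
                }
                else if(!$name_ok || !$type_ok)
                {
                    $message .= "Your avatar must be a .gif or .jpg (jpeg)<br />";
                }
                else if($error)
                {
                    $message .= "Your avatar file name already exists. Please rename it and upload it again. (everything else has been updated)<br />";
                }
                else if($too_large)
                {
                    $message .= "Your avatar is to big... please downsize it below 90x90";
                }
                else if(move_uploaded_file($upload['tmp_name'], $target_path))
                {
                    $avatar = '1,' . $upload_name;
                }
                else
                {
                    // NOTE(review): the directory only needs to be writable by the web
                    // server account, not world-writable as this text suggests; the dump
                    // below also shows server temp paths.
                    print "hmm... Check your avatar dir is chmod(777) Here's some debugging info:\n";
                    print_r($_FILES);
                }
            }
        }
        else if(!empty($avatar_link))
        {
            // The link is later written into an <img src="..."> attribute, so only a plain
            // http(s) address without quotes, angle brackets or whitespace is stored.
            if (preg_match('#^https?://[^\s"\'<>]+$#i', $avatar_link))
            {
                $avatar = "2," . $avatar_link;
            }
            else
            {
                $message .= "The avatar link must be an http:// or https:// address<br />";
            }
        }
        if($upload_requested && !empty($avatar_link))
        {
            $message .= "You used both Link avatar and Upload avatar... The upload one was used<br />";
        }
        $avatar_sql = ($avatar !== null) ? "avatar='" . mysql_real_escape_string($avatar) . "', " : '';
        $query1 = "UPDATE " . $table['users'] . " SET username = '".$username."', email='".$email."', occupation='".$occupation."', interests='".$interests."', signature='".$signature."', " . $avatar_sql . "style='".$style."', level = '" . $level . "', active = '" . $active . "' WHERE id='" . $edit_id . "'";
        $result1 = mysql_query($query1);
        if (!$result1)
        {
            message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
        }
        else
        {
            $message .= "Update succesful";
        }
        unset($query1);
        unset($result1);
    }
    echo($message);
}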
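// Mode "edit": look a user up and render the edit form, which posts to mode "editsubmit".
else if($page_mode == 'edit')
{
    // The lookup value is POST "id" (quick-edit box) or GET "id" (list links); despite
    // the parameter name it is matched against the username column.
    if (isset($_POST['id']))
    {
        $user_id = $_POST['id'];
    }
    else
    {
        $user_id = isset($_GET['id']) ? $_GET['id'] : '';
    }
    // Request data goes into a quoted SQL literal, so escape it first.
    // Assumes magic_quotes_gpc is off - TODO confirm.
    $query1 = "SELECT * FROM " . $table['users'] . " WHERE username='". mysql_real_escape_string($user_id) ."'";
    $result1 = @mysql_query($query1);
    $id1 = @mysql_result($result1,0,"id");
    if (!$id1)
    {
        message("No such user exists", 'message');
    }
    else
    {
        // The form is only rendered when a row was found.
        $username1 = mysql_result($result1,0,"username");
        $email1 = text_edit(mysql_result($result1,0,"email"));
        $website1 = mysql_result($result1,0,"website");
        $occupation1 = mysql_result($result1,0,"occupation");
        $interests1 = mysql_result($result1,0,"interests");
        $signature1 = mysql_result($result1,0,"signature");
        $avatar1 = mysql_result($result1,0,"avatar");
        $style1 = mysql_result($result1,0,"style");
        $level1 = mysql_result($result1,0,"level");
        $active1 = mysql_result($result1,0,"active");

        // Site-wide avatar settings. They get their own variable so they no longer
        // overwrite the preview markup built below (the original printed "Array"
        // in the preview cell because of that).
        $avatar_settings = explode(',', $site_data['avatar_info']);

        // The stored avatar is "<kind>,<value>"; this file writes kind 0 for none,
        // 1 for an uploaded file name and 2 for a link.
        $avatar_parts = explode(',', $avatar1);
        // The stored value lands inside an attribute, so it is encoded on output.
        $avatar_value = isset($avatar_parts['1']) ? htmlspecialchars($avatar_parts['1'], ENT_QUOTES) : '';
        if(!$avatar_parts['0'])
        {
            $avatar = "no avatar";
        }
        else if($avatar_parts['0'] == '2')
        {
            $avatar = "<img src=\"" . $avatar_value . "\">";
        }
        else
        {
            $avatar = "<img src=\"" . $root.$avatar_settings['3']."/".$avatar_value . "\">";
        }

        // Pre-select the current level; all three start empty so an unexpected level
        // value does not leave them undefined.
        $user_checked = "";
        $mod_checked = "";
        $admin_checked = "";
        if($level1 == '1')
        {
            $user_checked = "SELECTED=\"selected\"";
        }
        else if($level1 == '2')
        {
            $mod_checked = "SELECTED=\"selected\"";
        }
        else if($level1 == '3')
        {
            $admin_checked = "SELECTED=\"selected\"";
        }
        // NOTE(review): the stored text fields below are echoed as they come from the
        // database. That is only safe if every writer HTML-encodes them first, as this
        // file's editsubmit mode does - confirm for registration and profile code.
        // enctype is required for the avatar file input to reach $_FILES.
?>
<form action="<?php echo (get_sid('users.php?mode=editsubmit&id='.$id1)); ?>" method="post" enctype="multipart/form-data">
<table width="100%" border="1" cellspacing="4" cellpadding="4">
<tr>
<td width="40%">*Username:</td>
<td width="60%"><input type="text" name="username" value="<?php echo($username1); ?>"></td>
</tr>
<tr>
<td width="40%">New Password:</td>
<td width="60%"><input type="password" name="password" value=""></td>
</tr>
<tr>
<td width="40%">New Password Confirm:</td>
<td width="60%"><input type="password" name="passconfirm" value=""></td>
</tr>
<tr>
<td width="40%">*E-mail:</td>
<td width="60%"><input type="text" name="email" value="<?php echo($email1); ?>"></td>
</tr>
<tr>
<td width="40%">Web site:</td>
<td width="60%"><input type="text" name="website" value="<?php echo($website1); ?>"></td>
</tr>
<tr>
<td width="40%">Occupation:</td>
<td width="60%"><input type="text" name="occupation" value="<?php echo($occupation1); ?>"></td>
</tr>
<tr>
<td width="40%">Interests:</td>
<td width="60%"><input type="text" name="interests" value="<?php echo($interests1); ?>"></td>
</tr>
<tr>
<td width="40%">Style:</td>
<td width="60%"><?php styles_menu($style1); ?></td>
</tr>
<tr>
<td width="40%">Signature:</td>
<td width="60%"><textarea rows=5 cols=20 wrap="off" name="signature"><?php echo($signature1); ?></textarea></td>
</tr>
<?php
        // The avatar row is shown when setting 0 is on and at least one of
        // setting 1 (gates the upload input) or setting 2 (gates the link input) is on.
        if($avatar_settings['0'] && ($avatar_settings['1'] || $avatar_settings['2']))
        {
?>
<tr>
<td width="40%">Avatar:<br /><font size="-1">An avatar is a small image displayed under your name on all of your posts.</font></td>
<td width="60%">
<table width="100%">
<tr>
<td width="90%">
<?php
            if($avatar_settings['2'])
            {
?>
Link: <input type="text" name="avatar_link">
<br>
<?php
            }
            if($avatar_settings['1'])
            {
?>
Upload: <input name="avatar_upload" type="file">
<?php
            }
?>
</td>
<td>
<div align="right"><?php echo($avatar); ?></div>
</td>
</tr>
</table>
</td>
</tr>
<?php
        }
?>
<tr>
<td width="40%">User level:</td>
<td width="60%">
<select size="1" name="level">
<option value="1" <?php echo($user_checked); ?>>User</option>
<option value="2" <?php echo($mod_checked); ?>>MOD</option>
<option value="3" <?php echo($admin_checked); ?>>Admin</option>
</select></td>
</tr>
<tr>
<td width="40%">Active:</td>
<td width="60%">
<?php
        if($active1)
        {
?>
Yes: <input type="radio" value="1" checked name="active"> No:<input type="radio" value="0" name="active">
<?php
        }
        else
        {
?>
Yes: <input type="radio" value="1" name="active"> No:<input type="radio" value="0" checked name="active">
<?php
        }
?>
</td>
</tr>
<tr>
<td width="40%">DELETE user:</td>
<td width="60%"><input type="checkbox" name="delete" value="1"></td>
</tr>
<tr>
<td colspan="2"><center><input type="submit" value="Update"></center></td>
</tr>
</table>
*required feild
</form>
<?php
    }
}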
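// Default mode: quick-edit box plus a paginated table of all users.
else
{
?>
<form action="users.php?mode=edit" method="post">
Edit a user: <input type="text" name="id" value=""> <input type="submit" value="Go">
</form>
<table width="100%" border="1">
<tr>
<td width="40%"><b>Username:</b></td>
<td width="30%"><b>Email:</b></td>
<td width="10%"><b>Active:</b></td>
<td width="20%"><b>Edit/delete:</b></td>
</tr>
<?php
    $limit = '30';
    // First query: fetched only to count the rows for the pager.
    $query1 = "SELECT * FROM " . $table['users'];
    $result1 = mysql_query($query1);
    if (!$result1)
    {
        message("Could not successfully run query ($query1) from DB: " . mysql_error(), 'die');
    }
    $totalrows = mysql_num_rows($result1);
    // The page number is request data that feeds the LIMIT clause: force it to an
    // integer and never below 1, so the offset cannot become negative or non-numeric.
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
    if ($page < 1)
    {
        $page = 1;
    }
    $limitvalue = $page * $limit - ($limit);
    $query2 = "SELECT * FROM " . $table['users'] . " LIMIT $limitvalue, $limit";
    $result2 = mysql_query($query2);
    // Check the result of the paged query; the original re-tested $result1 here.
    if (!$result2)
    {
        message("Could not successfully run query ($query2) from DB: " . mysql_error(), 'die');
    }
    // NOTE(review): username and email are printed as stored. That is only safe if
    // every writer HTML-encodes them first, as this file's editsubmit mode does -
    // confirm for registration and profile code.
    // NOTE(review): the Active links point at mode "active", which this file does not
    // handle - such a request falls through to this list.
    while ($row = mysql_fetch_assoc($result2))
    {
?>
<tr>
<td><?php echo($row['username']); ?></td>
<td><?php echo($row['email']); ?></td>
<td><?php
        if($row['active'])
        {
            echo("<a href=\"users.php?mode=active&id=" . urlencode($row['id']) . "\">Yes</a>");
        }
        else
        {
            echo("<a href=\"users.php?mode=active&id=" . urlencode($row['id']) . "&make=yes\">No</a>");
        }
?></td>
<td><a href="users.php?mode=edit&id=<?php echo(urlencode($row['username'])); ?>">Edit</a>/<a href="users.php?mode=delete&id=<?php echo(urlencode($row['id'])); ?>">DELETE</a></td>
</tr>
<?php
    }
?>
</table>
<?php
    // Pager: only shown when there is more than one page of users.
    if($totalrows > $limit)
    {
        if($page != 1)
        {
            $pageprev = $page - 1;
            echo("<a href=\"users.php?page=" . $pageprev . "\">PREV</a> ");
        }
        else
        {
            echo("PREV ");
        }
        // ceil() includes the partly filled last page, which the original printed
        // with a separate remainder check after the loop.
        $numofpages = ceil($totalrows / $limit);
        for($i = 1; $i <= $numofpages; $i++)
        {
            if($i == $page)
            {
                echo($i." ");
            }
            else
            {
                echo("<a href=\"users.php?page=" . $i . "\">" . $i . "</a> ");
            }
        }
        if(($totalrows - ($limit * $page)) > 0)
        {
            $pagenext = $page + 1;
            echo("<a href=\"users.php?page=" . $pagenext . "\">NEXT</a>");
        }
        else
        {
            echo("NEXT");
        }
    }
}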
// Close the admin page layout opened by admin_header('normal') above.
admin_footer('normal');
//
// End of page
//
dbend(); // end the database; presumably closes the connection opened via common.php - confirm
?>