<?
#################################################################################################
#
#  project              : phpBannerEx
#  filename             : user.php
#  last modified by     : 
#  e-mail               : hide@address.com
#  purpose              : User-Handling
#
#################################################################################################

#  Include Configs & Variables
#################################################################################################
# Pull in the site configuration and the shared helper library, then open the
# database connection and load the runtime settings.
require "admin/config.php";
require "library.php";

db_connect();
ReadConfig();

# Only the two account-editing actions need a logged-in user.
# NOTE(review): $act is never assigned in this file; presumably it arrives from
# the request (register_globals or an import done in the included files) -
# confirm. authorize() is defined elsewhere; mod_user_form() and mod_user()
# trust $user, so this gate relies on authorize() ending the request itself
# when the login is not valid - TODO confirm.
if(in_array($act, array("mod_user_form", "mod_user"))) {
  $user = authorize();
}


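# Prints the registration rules followed by the empty sign-up form.
#
# The form posts back to user.php with act=new_user. All visible texts come
# from get_msg(). Message keys are passed as quoted strings; the original
# relied on PHP turning undefined bare constants into strings.
#
# $lang is written into a hidden field and is HTML-escaped first, so a value
# containing quotes or markup cannot break out of the attribute. It presumably
# comes from the request (it round-trips through this hidden field) - confirm
# where it is assigned.
function new_user_form() {
  global $lang;

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg('newuserrules',$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo get_msg('rules',$lang);
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
  echo "<br><br>\n";

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg('adduser',$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo "      <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
  echo "        <div class=\"mainleft\">".get_msg('username',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_name\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('firstname',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_fname\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('lastname',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_lname\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('email',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"new_user\">\n";
  if(isset($lang)) {
    # ISO-8859-1 keeps htmlspecialchars() byte-transparent, so non-ASCII text
    # survives whatever encoding the page really uses.
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "        <input type=\"submit\" value=\"".get_msg('submit',$lang)."\" onclick=\"exit=false\" >\n";
  echo "      </FORM>\n";
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
}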

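# Handles the submitted registration form (act=new_user): validates the fields,
# rejects duplicate user names and e-mail addresses, stores the account with a
# generated password and sends the notification mails.
#
# Changes against the original:
#  - every value is normalised and escaped BEFORE the first query; the original
#    put the raw $ur_name / $ur_mail into the duplicate-check SELECTs and never
#    escaped $ur_mail for the INSERT (SQL injection).
#  - the duplicate check and the empty-field check now see the same
#    strip_tags()ed values that are stored.
#  - an address containing CR or LF is treated as missing, so it cannot carry
#    extra header lines if the mail_* helpers (not visible here) put it into a
#    mail header.
#  - $secret was read without being declared global, so the password was
#    effectively md5(time()); it now comes from a CSPRNG where one exists.
#  - first and last name are un-escaped for the mails, as the name already was.
#  - $dupname / $dupmail are initialised; message keys are quoted strings.
#
# NOTE(review): addslashesnew() is the project's own escaping helper from the
# included files; confirm it is adequate for the connection character set.
# Parameterised queries would be the robust fix but need a change to db_query().
# NOTE(review): the password is stored and mailed in clear text. Hashing it
# needs matching changes in authorize() and in the password-reminder flow.
function new_user() {
  global $lang, $ur_name, $ur_fname, $ur_lname, $ur_mail, $notify_email, $secret;

  $dupname = false;
  $dupmail = false;

  # Normalise and escape up front.
  $ur_name  = addslashesnew(strip_tags($ur_name));
  $ur_fname = addslashesnew(strip_tags($ur_fname));
  $ur_lname = addslashesnew(strip_tags($ur_lname));

  if(preg_match('/[\r\n]/', (string)$ur_mail)) { $ur_mail = ''; }
  $mail_sql   = addslashesnew($ur_mail);
  $mail_plain = stripslashes($mail_sql);

  # check duplicate
  if($ur_name) {
    $sql = "SELECT ur_name FROM user WHERE ur_name='$ur_name'";
    $res = db_query($sql);
    $row = mysql_fetch_row($res);
    # $row is false when nothing matched.
    $dupname = ($row && $row[0] == stripslashes($ur_name));
  }
  if($ur_mail) {
    $sql = "SELECT ur_mail FROM user WHERE ur_mail='$mail_sql'";
    $res = db_query($sql);
    $row = mysql_fetch_row($res);
    $dupmail = ($row && $row[0] == $mail_plain);
  }


  // Check Input
  if(!$ur_name || !$ur_fname || !$ur_lname || !$ur_mail || $dupname || $dupmail) {

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if($dupname)              { echo get_msg('error_userdup',$lang)."<br>\n"; }
    if($dupmail)              { echo get_msg('error_usermaildup',$lang)."<br>\n"; }
    if(!$ur_name)             { echo get_msg('error_emptyusername',$lang)."<br>\n"; }
    if(!$ur_fname)            { echo get_msg('error_emptyuserfname',$lang)."<br>\n"; }
    if(!$ur_lname)            { echo get_msg('error_emptyuserlname',$lang)."<br>\n"; }
    if(!$ur_mail)             { echo get_msg('error_emptyusermail',$lang)."<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

  } else {

    // All fields are valid: create the account.

    # Initial password: 6 hex characters, same format as before. The length is
    # kept because the width of the ur_pasw column is not visible here; it is
    # short, so the account should be made to change it after the first login.
    if(function_exists('random_bytes')) {
      $rand = bin2hex(random_bytes(16));
    } elseif(function_exists('openssl_random_pseudo_bytes')) {
      $rand = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
      # Weak last resort for installations without a CSPRNG.
      $rand = md5($secret.uniqid(mt_rand(), true));
    }
    $ur_pasw = substr($rand, 0, 6);

    $sql = "INSERT INTO user
              (ur_name, ur_pasw, ur_fname, ur_lname, ur_mail) VALUES
              ('$ur_name', '$ur_pasw', '$ur_fname', '$ur_lname', '$mail_sql')";
    $res = db_query($sql);

    // takes out all slashes then sends out emails

    $ur_name = stripslashes($ur_name);
    $ur_fname = stripslashes($ur_fname);
    $ur_lname = stripslashes($ur_lname);

    mail_addnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $mail_plain);
    if($notify_email){
      mail_addnotifyadm($ur_name, $ur_pasw, $ur_fname, $ur_lname, $mail_plain);
    }

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('newuserthanks',$lang)."</b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>";
  }

  echo "<p>\n";
  echo "<FORM action=\"index.php\" method=\"POST\">\n";
  echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
  if(isset($lang)) {
    # Escaped before it lands in the attribute; ISO-8859-1 keeps the call
    # byte-transparent for non-ASCII text.
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "</FORM>\n";
  echo "<p>\n";
}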

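# Prints the "edit my account" form, pre-filled from the logged-in user's row
# in $user (set by authorize() at the top of the script).
#
# The stored first name, last name and e-mail address are HTML-escaped before
# they are written into the VALUE attributes. The original echoed them raw, so
# a stored value containing a quote or markup ended up as live HTML in the page
# (ur_mail is never passed through strip_tags() on the way in).
# $lang is escaped for the same reason.
#
# NOTE(review): the form carries no anti-CSRF token although act=mod_user
# changes the e-mail address and password; whether authorize() offers any
# protection is not visible here - confirm.
function mod_user_form() {
  global $user, $lang;

  # ISO-8859-1 keeps htmlspecialchars() byte-transparent, so non-ASCII names
  # survive whatever encoding the page really uses.
  $fname_html = htmlspecialchars($user['ur_fname'], ENT_QUOTES, 'ISO-8859-1');
  $lname_html = htmlspecialchars($user['ur_lname'], ENT_QUOTES, 'ISO-8859-1');
  $mail_html  = htmlspecialchars($user['ur_mail'], ENT_QUOTES, 'ISO-8859-1');

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg('edituser',$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo "      <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
  echo "        <div class=\"mainleft\">".get_msg('firstname',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_fname\" VALUE=\"$fname_html\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('lastname',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_lname\" VALUE=\"$lname_html\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('email',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"$mail_html\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('password',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"password\" NAME=\"ur_pasw1\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('retype',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"password\" NAME=\"ur_pasw2\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"mod_user\">\n";
  if(isset($lang)) {
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "        <input type=\"submit\" value=\"".get_msg('submit',$lang)."\" onclick=\"exit=false\" >\n";
  echo "      </FORM>\n";
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
}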

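# Handles the submitted "edit my account" form (act=mod_user): validates the
# fields, checks that the e-mail address is not used by another account and
# updates the logged-in user's row.
#
# Changes against the original:
#  - $ur_mail and $ur_pasw1 went into the SELECT / UPDATE unescaped (SQL
#    injection); both are now escaped with the project's addslashesnew().
#  - the user id is cast to int before it is placed in a query.
#  - an address containing CR or LF is treated as missing, because the stored
#    address is later handed to the mail helpers.
#  - $dupmail is initialised; message keys are quoted strings.
#
# NOTE(review): addslashesnew() comes from the included files; confirm it is
# adequate for the connection character set. Parameterised queries would be the
# robust fix but need a change to db_query().
# NOTE(review): the new password is stored in clear text, and the change needs
# neither the current password nor an anti-CSRF token. Fixing that requires
# changes outside this function (form, authorize(), reminder flow).
function mod_user() {
  global $lang, $ur_pasw1, $ur_pasw2, $ur_fname, $ur_lname,
    $ur_mail, $user;

  $dupmail = false;
  $uid = (int)$user['ur_id'];

  if(preg_match('/[\r\n]/', (string)$ur_mail)) { $ur_mail = ''; }
  $mail_sql = addslashesnew($ur_mail);

  # check duplicate
  if($ur_mail) {
    $sql = "SELECT ur_mail FROM user WHERE ur_mail='$mail_sql' AND ur_id!=$uid";
    $res = db_query($sql);
    $row = mysql_fetch_row($res);
    # $row is false when no other account uses the address.
    $dupmail = ($row && $row[0] == stripslashes($mail_sql));
  }


  // Check Input
  if(!$ur_fname || !$ur_lname || !$ur_mail ||
    $ur_pasw1 != $ur_pasw2 || $dupmail) {

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if($dupmail)               { echo get_msg('error_usermaildup',$lang)."<br>\n"; }
    if(!$ur_fname)             { echo get_msg('error_emptyuserfname',$lang)."<br>\n"; }
    if(!$ur_lname)             { echo get_msg('error_emptyuserlname',$lang)."<br>\n"; }
    if(!$ur_mail)              { echo get_msg('error_emptyusermail',$lang)."<br>\n"; }
    if($ur_pasw1 != $ur_pasw2) { echo get_msg('error_nomachuserpasw',$lang)."<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

  } else {

    // All fields are valid: write the changes.
    $ur_fname = addslashesnew(strip_tags($ur_fname));
    $ur_lname = addslashesnew(strip_tags($ur_lname));

    $sql = "UPDATE user SET ur_fname='$ur_fname', ur_lname='$ur_lname',
      ur_mail='$mail_sql'";
    # The password is only touched when a new one was entered.
    if($ur_pasw1) {
      $pasw_sql = addslashesnew($ur_pasw1);
      $sql .= ", ur_pasw='$pasw_sql'";
    }
    $sql .= " WHERE ur_id='$uid'";
    $res = db_query($sql);

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('moduserthanks',$lang)."</b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>";

  }

  echo "<p>\n";
  echo "<FORM action=\"index.php\" method=\"POST\">\n";
  echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
  if(isset($lang)) {
    # Escaped before it lands in the attribute; ISO-8859-1 keeps the call
    # byte-transparent for non-ASCII text.
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "</FORM>\n";
  echo "<p>\n";
}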

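# Prints the password-reminder form (user name + e-mail address). The form
# posts back to user.php with act=forgot_pasw.
#
# $lang is HTML-escaped before it is written into the hidden field, so a value
# containing quotes or markup cannot break out of the attribute. Message keys
# are passed to get_msg() as quoted strings; the original relied on PHP turning
# undefined bare constants into strings.
function forgot_pasw_form() {
  global $lang;

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg('forgotpasw',$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo "      <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
  echo "        <div class=\"mainleft\">".get_msg('username',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_name\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('email',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"forgot_pasw\">\n";
  if(isset($lang)) {
    # ISO-8859-1 keeps htmlspecialchars() byte-transparent, so non-ASCII text
    # survives whatever encoding the page really uses.
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "        <input type=\"submit\" value=\"".get_msg('submit',$lang)."\" onclick=\"exit=false\" >\n";
  echo "      </FORM>\n";
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
}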

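# Handles the password-reminder form (act=forgot_pasw): looks the account up by
# user name AND e-mail address and, when both match, mails the password to the
# address stored in the database (not to the submitted one).
#
# Changes against the original:
#  - $ur_name and $ur_mail went into the SELECT unescaped (SQL injection); both
#    are now escaped with the project's addslashesnew().
#  - the lookup is skipped when a field is empty, and a missing row is handled
#    explicitly instead of indexing into false.
#  - array and message keys are quoted strings.
#
# NOTE(review): addslashesnew() comes from the included files; confirm it is
# adequate for the connection character set. Parameterised queries would be the
# robust fix but need a change to db_query().
# NOTE(review): the stored password is mailed in clear text, which is only
# possible because it is stored unhashed; a one-time reset link is the usual
# replacement. The distinct "no such user" answer also confirms whether a
# name/address pair exists, and no rate limit is visible here.
function forgot_pasw() {
  global $ur_name, $ur_mail, $lang;

  $name_sql = addslashesnew($ur_name);
  $mail_sql = addslashesnew($ur_mail);

  $row = false;
  if($ur_name && $ur_mail) {
    $sql = "SELECT ur_name, ur_mail, ur_pasw FROM user WHERE ur_name='$name_sql' AND
      ur_mail='$mail_sql'";
    $res = db_query($sql);
    $row = mysql_fetch_array($res);
  }

  # No row means "no such user". An empty name compared with the missing row
  # stays "not no_user", as before, so only the empty-field errors are shown.
  $found_name = $row ? $row['ur_name'] : null;
  $no_user = stripslashes($name_sql) != $found_name;

  // Check Input
  if(!$ur_name || !$ur_mail || $no_user) {

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if(!$ur_name)             { echo get_msg('error_emptyusername',$lang)."<br>\n"; }
    if(!$ur_mail)             { echo get_msg('error_emptyusermail',$lang)."<br>\n"; }
    if($no_user)              { echo get_msg('error_nouser',$lang)."<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

  } else {

    mail_forgotpasw($row['ur_name'], $row['ur_mail'], $row['ur_pasw']);

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('paswsend',$lang)."</b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>";
  }

  echo "<p>\n";
  echo "<FORM action=\"index.php\" method=\"POST\">\n";
  echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
  if(isset($lang)) {
    # Escaped before it lands in the attribute; ISO-8859-1 keeps the call
    # byte-transparent for non-ASCII text.
    $lang_html = htmlspecialchars($lang, ENT_QUOTES, 'ISO-8859-1');
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "</FORM>\n";
  echo "<p>\n";
}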

# Page header.
# NOTE(review): $addheader and $addfooter are include paths that this file never
# assigns; presumably the included config or ReadConfig() sets them - confirm
# they can never be taken from the request.
include($addheader);

# No action given: show the registration form.
if(!$act) {
  new_user_form();
}

# Fixed list of actions; each one is served by the function of the same name.
# The function called is the literal from this list, never the raw $act.
foreach(array("new_user_form", "new_user",
              "mod_user_form", "mod_user",
              "forgot_pasw_form", "forgot_pasw") as $known_act) {
  if($act == $known_act) {
    $known_act();
  }
}
unset($known_act);

# Page footer.
include("$addfooter");
?>