<?
#################################################################################################
#
# project : phpBannerEx
# filename : user.php
# last modified by :
# e-mail : hide@address.com
# purpose : User-Handling
#
#################################################################################################
# Include Configs & Variables
#################################################################################################
require("admin/config.php");
require("library.php");
db_connect();
ReadConfig();
if($act == "mod_user_form" || $act == "mod_user") {
$user = authorize();
}
function new_user_form() {
global $lang;
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\"><center><b>".get_msg(newuserrules,$lang)."</b></center></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo get_msg(rules,$lang);
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "<br><br>\n";
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\"><center><b>".get_msg(adduser,$lang)."</b></center></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
echo " <div class=\"mainleft\">".get_msg(username,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_name\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(firstname,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_fname\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(lastname,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_lname\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(email,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"new_user\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo " <input type=\"submit\" value=\"".get_msg(submit,$lang)."\" onclick=\"exit=false\" >\n";
echo " </FORM>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
}
function new_user() {
global $lang, $ur_name, $ur_pas1, $ur_pas2, $ur_fname, $ur_lname,
$ur_mail, $notify_email;
# check duplicate
if($ur_name) {
$sql = "SELECT ur_name FROM user WHERE ur_name='$ur_name'";
$res = db_query($sql);
$row = mysql_fetch_row($res);
$dupname = ($row[0] == $ur_name);
}
if($ur_mail) {
$sql = "SELECT ur_mail FROM user WHERE ur_mail='$ur_mail'";
$res = db_query($sql);
$row = mysql_fetch_row($res);
$dupmail = ($row[0] == $ur_mail);
}
// Check Input
if(!$ur_name || !$ur_fname || !$ur_lname || !$ur_mail || $dupname || $dupmail) {
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(error,$lang)."<hr></b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <td class=\"standard\">\n";
if($dupname) { echo get_msg(error_userdup,$lang)."<br>\n"; }
if($dupmail) { echo get_msg(error_usermaildup,$lang)."<br>\n"; }
if(!$ur_name) { echo get_msg(error_emptyusername,$lang)."<br>\n"; }
if(!$ur_fname) { echo get_msg(error_emptyuserfname,$lang)."<br>\n"; }
if(!$ur_lname) { echo get_msg(error_emptyuserlname,$lang)."<br>\n"; }
if(!$ur_mail) { echo get_msg(error_emptyusermail,$lang)."<br>\n"; }
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "</center>\n";
} else {
// What it does if the forms are all correct
$ur_name = addslashesnew(strip_tags($ur_name));
$ur_fname = addslashesnew(strip_tags($ur_fname));
$ur_lname = addslashesnew(strip_tags($ur_lname));
$ur_pasw = substr(md5($secret.time()), 1, 6);
$sql = "INSERT INTO user
(ur_name, ur_pasw, ur_fname, ur_lname, ur_mail) VALUES
('$ur_name', '$ur_pasw', '$ur_fname', '$ur_lname', '$ur_mail')";
$res = db_query($sql);
// takes out all slashes then sends out emails
$ur_name = stripslashes($ur_name);
$ur_fname = addslashesnew(strip_tags($ur_fname));
$ur_lname = addslashesnew(strip_tags($ur_lname));
mail_addnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail);
if($notify_email){
mail_addnotifyadm($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail);
}
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(newuserthanks,$lang)."</b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>";
}
echo "<p>\n";
echo "<FORM action=\"index.php\" method=\"POST\">\n";
echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg(done,$lang)."\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo "</FORM>\n";
echo "<p>\n";
}
function mod_user_form() {
global $user, $lang;
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\"><center><b>".get_msg(edituser,$lang)."</b></center></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
echo " <div class=\"mainleft\">".get_msg(firstname,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_fname\" VALUE=\"$user[ur_fname]\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(lastname,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_lname\" VALUE=\"$user[ur_lname]\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(email,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"$user[ur_mail]\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(password,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"password\" NAME=\"ur_pasw1\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(retype,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"password\" NAME=\"ur_pasw2\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"mod_user\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo " <input type=\"submit\" value=\"".get_msg(submit,$lang)."\" onclick=\"exit=false\" >\n";
echo " </FORM>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
}
function mod_user() {
global $lang, $ur_pasw1, $ur_pasw2, $ur_fname, $ur_lname,
$ur_mail, $notify_email,$user;
# check duplicate
if($ur_mail) {
$sql = "SELECT ur_mail FROM user WHERE ur_mail='$ur_mail' AND ur_id!=$user[ur_id]";
$res = db_query($sql);
$row = mysql_fetch_row($res);
$dupmail = ($row[0] == $ur_mail);
}
// Check Input
if(!$ur_fname || !$ur_lname || !$ur_mail ||
$ur_pasw1 != $ur_pasw2 || $dupmail) {
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(error,$lang)."<hr></b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <td class=\"standard\">\n";
if($dupmail) { echo get_msg(error_usermaildup,$lang)."<br>\n"; }
if(!$ur_fname) { echo get_msg(error_emptyuserfname,$lang)."<br>\n"; }
if(!$ur_lname) { echo get_msg(error_emptyuserlname,$lang)."<br>\n"; }
if(!$ur_mail) { echo get_msg(error_emptyusermail,$lang)."<br>\n"; }
if($ur_pasw1 != $ur_pasw2) { echo get_msg(error_nomachuserpasw,$lang)."<br>\n"; }
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "</center>\n";
} else {
// What it does if the forms are all correct
$ur_fname = addslashesnew(strip_tags($ur_fname));
$ur_lname = addslashesnew(strip_tags($ur_lname));
$sql = "UPDATE user SET ur_fname='$ur_fname', ur_lname='$ur_lname',
ur_mail='$ur_mail'";
if($ur_pasw1) { $sql .= ", ur_pasw='$ur_pasw1'"; }
$sql .= " WHERE ur_id='$user[ur_id]'";
$res = db_query($sql);
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(moduserthanks,$lang)."</b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>";
}
echo "<p>\n";
echo "<FORM action=\"index.php\" method=\"POST\">\n";
echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg(done,$lang)."\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo "</FORM>\n";
echo "<p>\n";
}
function forgot_pasw_form() {
global $lang;
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\"><center><b>".get_msg(forgotpasw,$lang)."</b></center></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <FORM ACTION=\"user.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
echo " <div class=\"mainleft\">".get_msg(username,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_name\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <div class=\"mainleft\">".get_msg(email,$lang).":<br></div>\n";
echo " <INPUT TYPE=\"text\" NAME=\"ur_mail\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
echo " <br>\n";
echo " <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"forgot_pasw\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo " <input type=\"submit\" value=\"".get_msg(submit,$lang)."\" onclick=\"exit=false\" >\n";
echo " </FORM>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
}
function forgot_pasw() {
global $ur_name, $ur_mail, $lang;
$sql = "SELECT ur_name, ur_mail, ur_pasw FROM user WHERE ur_name='$ur_name' AND
ur_mail='$ur_mail'";
$res = db_query($sql);
$row = mysql_fetch_array($res);
$no_user = $ur_name != $row[ur_name];
// Check Input
if(!$ur_name || !$ur_mail || $no_user) {
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(error,$lang)."<hr></b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <td class=\"standard\">\n";
if(!$ur_name) { echo get_msg(error_emptyusername,$lang)."<br>\n"; }
if(!$ur_mail) { echo get_msg(error_emptyusermail,$lang)."<br>\n"; }
if($no_user) { echo get_msg(error_nouser,$lang)."<br>\n"; }
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "</center>\n";
} else {
mail_forgotpasw($row[ur_name], $row[ur_mail], $row[ur_pasw]);
echo "<table class=\"standard\">\n";
echo " <tr>\n";
echo " <td class=\"standard\">\n";
echo " <center><b>".get_msg(paswsend,$lang)."</b></center>\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>";
}
echo "<p>\n";
echo "<FORM action=\"index.php\" method=\"POST\">\n";
echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg(done,$lang)."\">\n";
if(isset($lang)) { echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang\">\n"; }
echo "</FORM>\n";
echo "<p>\n";
}
include($addheader);
if(!$act) { new_user_form(); }
if($act == "new_user_form") { new_user_form(); }
if($act == "new_user") { new_user(); }
if($act == "mod_user_form") { mod_user_form(); }
if($act == "mod_user") { mod_user(); }
if($act == "forgot_pasw_form") { forgot_pasw_form(); }
if($act == "forgot_pasw") { forgot_pasw(); }
include("$addfooter");
?>