<?php
/* +--------------------------------------------
* |
* | Product: PHPEchoCMS
* | Author: Anas Husseini
* | License: GPL
* | Last updated: 06.04.07
* | For version: 2.0
* | Desc: Admin permissions admin module
* |
* +--------------------------------------------
*/
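// Refuse to run unless the admin bootstrap has defined ADMIN_LOAD as a true value.
// defined() is tested first: on PHP versions before 8 a bare reference to an
// undefined constant evaluates to the string "ADMIN_LOAD", which is truthy, so
// `!ADMIN_LOAD` on its own does not stop a direct request to this file.
if (!defined('ADMIN_LOAD') || !ADMIN_LOAD)
{
    die("Base not loaded!");
}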
// Load this module's language table; entry '003' is printed as the page heading.
$mlang = $core->getlang('admin_adminperms');
echo "<br><br><center><font size='4'><b><u>", $mlang['003'], "</u></b></font></center><br>";
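// Admin-permissions editor. Three request shapes are handled:
//   1. POST with `user`               -> look the account up (optionally with
//                                        wildcards) and show its permission form
//   2. POST with `sel0`, `num`, `id`  -> store the submitted permission flags
//   3. anything else                  -> show the search form
//
// NOTE(review): no anti-CSRF token is checked before the update in case 2.
// Whether the surrounding admin loader enforces one is not visible here - confirm.
// NOTE(review): string values are still escaped with addslashes(), which is not
// charset-aware. query() is defined elsewhere, so the escaping is left as it was;
// prefer the driver's own escaping (mysql_real_escape_string) or prepared
// statements if the connection can use a multibyte charset.

// Only a scalar string is accepted as the user name; an array-valued field is
// treated as "not submitted".
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';

if (!empty($user))
{
    if (!empty($_POST['check1']))
    {
        // Wildcard search: '*' in the input becomes the SQL LIKE wildcard '%'
        // and every match is offered in a selection list.
        $wilduser = str_replace('*', '%', addslashes($user));
        $profile = query("select `username` from `".PREFIX."users` where `username` like '".$wilduser."'", 1);
        if (mysql_num_rows($profile) > 0)
        {
            echo "<center><table width='50%' class='border'>";
            echo "<tr><td width='100%' class='title'>".$mlang['001']."</td></tr>";
            echo "<tr><td><center><form action='' method='post'><select name='user'>";
            while ($wuser = mysql_fetch_array($profile))
            {
                // User names are stored data and are encoded before being
                // written into the attribute and the element body.
                $name = htmlspecialchars($wuser['username'], ENT_QUOTES);
                echo "<option value='".$name."'>".$name."</option>";
            }
            echo "</select> <input type=submit value='".$mlang['004']."'></form></center></td></tr></table><br></center>";
        }
        else
        {
            echo $mlang['005']."<br>";
        }
    }
    else
    {
        // Exact match: go straight to the permission form of that account.
        $profile = query("select * from `".PREFIX."users` where `username` = '".addslashes($user)."'", 4);
        if (!empty($profile['id']))
        {
            // The id is used in a numeric SQL context and in an HTML attribute,
            // so it is forced to an integer once and reused.
            $uid = (int) $profile['id'];
            $perms = query("select * from `".PREFIX."admin_perms` where `id`=".$uid, 4);
            $per = isset($perms['perms']) ? (string) $perms['perms'] : '';
            $num = strlen($per);
            $mlang2 = $core->getlang("admin");
            // Language keys of the permission labels, in the order of the flag string.
            $list2 = array('005', '006', '017', '007', '008', '009', '010', '011', '018', '019');
            echo "<form action='' method='post'>";
            echo "<table width='100%' class='border'>";
            echo "<tr><td width='100%' class='title'>".$mlang['008']."<b>".htmlspecialchars($profile['username'], ENT_QUOTES)."</b></td></tr>";
            echo "<tr></tr>";
            for ($i = 0; $i < $num; $i++)
            {
                // Each character of the flag string is '1' (granted) or anything else (denied).
                $granted = (substr($per, $i, 1) == '1');
                $s1 = $granted ? "selected='selected'" : "";
                $s2 = $granted ? "" : "selected='selected'";
                // A flag string longer than the label list gets an empty label
                // instead of an undefined-index notice.
                $label = isset($list2[$i], $mlang2[$list2[$i]]) ? $mlang2[$list2[$i]] : '';
                echo "<tr><td><table width='100%'><tr><td width='20%'>".$label.":</td><td>";
                echo "<select name='sel".$i."'>";
                echo "<option value='1' ".$s1.">".$mlang['009']."</option>";
                echo "<option value='0' ".$s2.">".$mlang['010']."</option>";
                echo "</select></td></tr></table></td></tr>";
            }
            echo "</table>";
            echo "<input type=hidden name='num' value='".$num."'>";
            echo "<input type=hidden name='id' value='".$uid."'>";
            echo "<input type=submit value='".$mlang['006']."'></form><br>";
        }
        else
        {
            echo $mlang['005']."<br>";
        }
    }
}
// isset() rather than a truth test on sel0: the value '0' (first permission
// denied) is falsy, so a truth test sends that submission to the search form
// and the change is never stored.
elseif (isset($_POST['sel0']) && !empty($_POST['num']) && !empty($_POST['id']))
{
    // addslashes() gives no protection in an unquoted numeric context; the id
    // is forced to an integer instead.
    $id = (int) $_POST['id'];

    // The number of flags is taken from the stored row, not from the
    // client-supplied `num` field, so the request cannot change the length of
    // the flag string. `num` is still required above to recognise the form.
    $stored = query("select * from `".PREFIX."admin_perms` where `id`=".$id, 4);
    $num = isset($stored['perms']) ? strlen($stored['perms']) : 0;

    if ($num == 0)
    {
        // No permission row for this id: nothing to update.
        // NOTE(review): '005' is the message the lookups above print when no user matches - confirm wording fits.
        echo $mlang['005']."<br>";
    }
    else
    {
        $per = "";
        $cc = 0;
        for ($j = 0; $j < $num; $j++)
        {
            // Anything other than the literal '1' (including a missing field)
            // is stored as '0', so $per only ever contains the two flag characters.
            $flag = (isset($_POST['sel'.$j]) && $_POST['sel'.$j] === '1') ? '1' : '0';
            $per .= $flag;
            if ($flag == '1')
            {
                $cc++;
            }
        }
        // admin_level is 1 when at least one permission is granted, otherwise 0.
        $level = ($cc == 0) ? 0 : 1;
        query("update `".PREFIX."users` set `admin_level`=".$level." where `id`=".$id, 1);
        query("update `".PREFIX."admin_perms` set `perms`='".$per."' where `id`=".$id, 1);
        echo $mlang['011']."<br>";
    }
}
else
{
    // Main menu: user-name search form with an optional wildcard switch.
    echo "<form action='' method='post'><center><table width='50%' class='border'>";
    echo "<tr><td width='100%' class='title'>".$mlang['001']."</td></tr>";
    echo "<tr><td><input type=text name='user' value=''> <input type=submit value='".$mlang['002']."'></td></tr>";
    echo "<tr><td><input type=checkbox name='check1' value='wildcards'>".$mlang['007']."</td></tr>";
    // The last row is already closed above; only the containers are closed here.
    echo "</table></center></form><br>";
}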
?>