<?
# ft_user_admin.php - Manage users
# $Id: ft_user_admin.php,v 1.1.1.1 2004/01/01 05:51:24 rocket_169 Exp $
#
# Copyright (c) 2003 The phpFamilyTree Project Team
# Licensed under the GNU GPL. For full terms see the file COPYING.
#
# http://www.phpfamilytree.org
#

require_once ("config.php");
require_once ("functions.php");
require_once ("header.php");

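# REQUEST INPUT
# Every value read here is supplied by the client and is untrusted.
# A key that is absent (for example the POST fields on a plain GET of this
# page) falls back to "" instead of raising an undefined-index notice.
$thispage = "ft_user_admin.php";
$action = isset($_GET["action"]) ? $_GET["action"] : "";
# Truncating to 10 characters is not validation: $id is still arbitrary text
# and must be cast or escaped before it reaches a query.
$id = isset($_GET["id"]) ? substr($_GET["id"],0,10) : "";
$form = isset($_POST["form"]) ? $_POST["form"] : "";
# Replacing " with ' is NOT SQL escaping (backslashes and single quotes pass
# through unchanged); any query built from these values has to escape or bind
# them itself.
$username = isset($_POST["username"]) ? str_replace("\"","'",$_POST["username"]) : "";
$password = isset($_POST["password"]) ? str_replace("\"","'",$_POST["password"]) : "";
$newpassword = isset($_POST["newpassword"]) ? str_replace("\"","'",$_POST["newpassword"]) : "";
# The admin flag arrives as "on" (checkbox) or "1" (hidden field); anything
# else, including a missing field, means "not admin". The result is always the
# integer 0 or 1. It is still only a request, not proof of privilege.
$admin = isset($_POST["admin"]) ? $_POST["admin"] : "";
$admin = ($admin=="on" || $admin=="1") ? 1 : 0;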

# Visitors without a session get the notice and nothing else: exit() prints
# its string argument and then stops the script, so no code below runs.
if (!logged_in()) {
	exit("<font color=red>You are not logged in</font>");
}


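# PASSWORD CONFIRMATION
# Only the "Change My Password" form sends newpassword; when it is present it
# must equal the re-entered value in $password, otherwise the submission is
# cancelled by clearing $form.
# The comparison is strict on purpose: with != PHP compares numeric-looking
# strings as numbers (so "1e3" and "1000" would count as a match), and a bare
# truthiness test would skip the check entirely for the password "0".
if ($newpassword !== "" && $newpassword !== $password) {
	print "<font color=red>Password mismatch</font>";
	$form="";
}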


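# PROCESS FORM
# Handles three submissions:
#   id + password     -> password change (admins may also set the admin flag)
#   id, no password   -> admin-flag change (admins only)
#   no id             -> create a user (admins only)
#
# Authorisation: the password branch previously had no privilege check, so the
# target username and the admin flag were taken from the request for any
# logged-in user. A non-admin may now change only their own password and can
# never touch the admin column.
#
# NOTE(review): unsalted MD5 is not a suitable password hash. Replacing it
# needs a matching change wherever the login check compares passwords, which
# is not in this file, so the stored format is left as it is here.
if ($form=="form" and logged_in()) {
	# Only tested for emptiness below; it selects update versus insert.
	$id = isset($_POST["id"]) ? substr($_POST["id"],0,10) : "";

	# Undo magic_quotes_gpc where it is active, then escape for a MySQL string
	# literal, so every value is escaped exactly once.
	$raw_username = $username;
	$raw_password = $password;
	if (get_magic_quotes_gpc()) {
		$raw_username = stripslashes($raw_username);
		$raw_password = stripslashes($raw_password);
	}
	$sql_username = mysql_real_escape_string($raw_username);
	$sql_password = mysql_real_escape_string($raw_password);
	$sql_admin = $admin ? 1 : 0;

	$is_admin = isadmin();
	# Assumes $_SESSION["authdata"]["username"] is the logged-in user's name, as
	# the user-list query further down this page uses it - confirm against the
	# login code.
	$is_self = isset($_SESSION["authdata"]["username"])
		&& $raw_username === (string) $_SESSION["authdata"]["username"];

	if ($id) {
		if ($password) {
			if ($is_admin) {
				mysql_query("UPDATE ft_users SET password=MD5('$sql_password'), admin=$sql_admin WHERE username='$sql_username'") or die(mysql_error());
			} elseif ($is_self) {
				# Own account, no privilege: password only, admin column untouched.
				mysql_query("UPDATE ft_users SET password=MD5('$sql_password') WHERE username='$sql_username'") or die(mysql_error());
			}
			# A non-admin naming another account is ignored, like the other
			# admin-only branches.
		} elseif ($is_admin) {
			mysql_query("UPDATE ft_users SET admin=$sql_admin WHERE username='$sql_username'") or die(mysql_error());
		}
	} elseif ($is_admin) {
		mysql_query("INSERT INTO ft_users SET username='$sql_username', password=MD5('$sql_password'), admin=$sql_admin") or die(mysql_error());
	}
}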

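# DELETE USER
# $id is request text (at most 10 characters) and was interpolated unquoted
# into the statement; it is now forced to an integer and the query is skipped
# unless that integer is positive.
# NOTE(review): this state-changing action is triggered by a GET link and
# carries no anti-CSRF token. It should become a POST form with a per-session
# token; that also requires changing the Delete link in the user list.
# NOTE(review): die(mysql_error()) shows raw database errors to the browser.
if ($action == "del" and isadmin()) {
	$delete_id = (int) $id;
	if ($delete_id > 0) {
		mysql_query("DELETE FROM ft_users WHERE id=$delete_id LIMIT 1") or die(mysql_error());
	}
}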

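# MAIN TABLE
# Opens the page layout table; it is not closed in this block.
print "<table width=\"100%\" border=\"0\"><tr>";
print "<td valign=\"top\" id=\"leftpanel\">";

# CHANGE MY PASSWORD
print "<h3>Change My Password</h3>";

# The query has no WHERE clause, so $user is whichever row comes back first.
# Its id is only a non-empty marker telling the form handler "update, not
# insert"; the account that is changed is chosen by the username field.
$rs=mysql_query("SELECT id, username, admin FROM ft_users") or die(mysql_error());
if ($user = mysql_fetch_array($rs)) {
	# Everything written into an attribute is HTML-escaped so a stored value
	# cannot break out of the attribute.
	# The hidden username and admin fields are client-controlled once the page
	# is delivered: the form handler must check server-side that a non-admin
	# changes only their own account and never the admin flag.
	print "<form action=\"".htmlspecialchars($thispage, ENT_QUOTES)."\" method=\"post\">";
	print "<input type=\"hidden\" name=\"form\" value=\"form\">";
	print "<input type=\"hidden\" name=\"id\" value=\"".htmlspecialchars($user["id"], ENT_QUOTES)."\">";
	print "<input type=\"hidden\" name=\"username\" value=\"".htmlspecialchars(username(), ENT_QUOTES)."\">";
	print "<input type=\"hidden\" name=\"admin\" value=\"".htmlspecialchars(isadmin(), ENT_QUOTES)."\">";
	print "<table width=\"50%\"><tr><td colspan=\"2\"></td></tr>";
	print "<tr><td>New password</td><td><input type=\"password\" name=\"newpassword\"></td></tr>";
	print "<tr><td>Re-enter</td><td><input type=\"password\" name=\"password\"></td></tr>";
	# The last row is now closed with </tr>, and the table is closed inside the
	# form and inside this branch, so an empty user table no longer emits a
	# stray </table> that would close the page layout table.
	print "<tr><td></td><td><input type=\"submit\" value=\"Submit\"></td></tr>";
	print "</table>";
	print "</form>";
}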


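# USER ADMINISTRATION
# Shown to administrators only: one edit form per other user, then a form for
# creating a user. These forms only submit requests; the form handler has to
# re-check isadmin() itself.
if (isadmin()) {

	print "<h3>User Administration</h3>";
	print "<table width=\"50%\">
	<tr>
	<td>Username</td>
	<td>Administrator</td>
	<td>New Password</td>
	<td></td>
	</tr>";

	# List every account except the logged-in one. The session value is escaped
	# before being placed in the string literal rather than concatenated raw.
	$current_user = mysql_real_escape_string($_SESSION["authdata"]["username"]);
	$rs=mysql_query("SELECT id, username, admin FROM ft_users WHERE username != '$current_user'") or die(mysql_error());

	while ($user = mysql_fetch_array($rs)) {
		# Database values are encoded for their output context: the id as an
		# integer, the username as HTML text / attribute content. The browser
		# decodes the entities again when it submits the hidden field.
		$row_id = (int) $user["id"];
		$row_name = htmlspecialchars($user["username"], ENT_QUOTES);

		print "<form action=\"".htmlspecialchars($thispage, ENT_QUOTES)."\" method=\"post\">";
		print "<input type=\"hidden\" name=\"form\" value=\"form\">";
		print "<input type=\"hidden\" name=\"id\" value=\"$row_id\">";
		print "<input type=\"hidden\" name=\"username\" value=\"$row_name\">";
		print "<tr><td>";
		print $row_name;
		# NOTE(review): deletion is a plain GET link without an anti-CSRF token;
		# it should be a POST form carrying a per-session token.
		print "&nbsp;&nbsp;<a href=\"$thispage?action=del&amp;id=$row_id\">Delete</a>";
		print "</td>";
		print "<td><input type=\"checkbox\" name=\"admin\" value=\"on\" ";
		if ($user["admin"]) { print " CHECKED"; }
		print "></td>";
		print "<td><input type=\"password\" name=\"password\"></td>";
		print "<td><input type=\"submit\" value=\"Submit\"></td>";
		print "</tr></form>";
	}
	print "</table>";


	# NEW USER FORM
	# No id field is sent, which is what the form handler treats as "insert".
	print "<h3>Create New User</h3>";
	print "<form action=\"".htmlspecialchars($thispage, ENT_QUOTES)."\" method=\"post\">";
	print "<table width=\"50%\">";
	print "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>";
	print "<tr><td>New Password</td><td><input type=\"password\" name=\"password\"></td></tr>";
	print "<tr><td>Administrator</td><td><input type=\"checkbox\" name=\"admin\" value=\"on\"></td></tr>";
	print "<tr><td></td><td><input type=\"hidden\" name=\"form\" value=\"form\">";
	print "<input type=\"submit\" value=\"Submit\"></td></tr>";
	print "</table>";
	print "</form>";

}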

require_once ("footer.php");
?>