<?
###############################################################################
# Copyright (C) 2000  Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating 
# that you changed the files and the date of any change.  And you are required 
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it. 
# However, nothing else grants you permission to modify or distribute this 
# Program or its derivative works. These actions are prohibited by law if 
# you do not accept this License. Therefore, by modifying or distributing 
# this Program (or any work based on this Program), you indicate your 
# acceptance of this License to do so, and all its terms and conditions 
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################

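global $config;

// Refuse direct requests for this file: it is meant to be included by the
// top-level admin.php, which performs the login handling.
// eregi() is deprecated and was removed in PHP 7, so a plain case-insensitive
// substring search (stristr) is used instead; the pattern was a literal anyway.
// $PHP_SELF only exists when register_globals is on, so fall back to
// $_SERVER['PHP_SELF']; without the fallback the guard would silently never fire.
if (isset($PHP_SELF)) {
    $ps_self = $PHP_SELF;
} else if (isset($_SERVER['PHP_SELF'])) {
    $ps_self = $_SERVER['PHP_SELF'];
} else {
    $ps_self = "";
}
if (stristr($ps_self, "admin/")) {
    die ("Access Deny!");
}
unset($ps_self);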

/*********************************************************/
/* user admin                                            */
/*********************************************************/

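// Display a paged, sortable list of users with edit/delete links.
//
//   $mesg    - optional status message shown next to the heading
//   $letter  - first-letter filter: a prefix, "Other" (names starting 1-9) or "All"
//   $sortby  - column to sort on (one of the five listed columns)
//   $orderby - "ASC" or "DESC"
//   $page    - 1-based page number, 20 users per page
//
// All five arguments originate from the request, so each one is validated or
// escaped before it reaches SQL or HTML.
function displayUsers($mesg,$letter,$sortby,$orderby,$page) {

	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("6",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined outside this file; return explicitly so the
		// listing is never rendered even if it does not end the request.
		return;
	}

	// we include the confirm delete javascript
	$header = array();
	$header['js'] = "true";
	ps_header($header);
	echo "<h3>".translate("Edit Users");
	if ($mesg) {
		// $mesg arrives through the query string: encode it before output
		echo "<font size=-1 color=red> (".htmlspecialchars($mesg, ENT_QUOTES).")</font>";
	}
	echo "</h3>";

	echo "<form method=post  action=\"admin.php\">";
	echo "<b>".translate("Handle").": </b> <input type=text name=\"chng_user\" size=10>\n";

	echo "<select name=\"op\">";
	echo "<option value=\"modifyUser\">".translate("Modify User")."</option>\n";
	echo "<option value=\"delUser\">".translate("Delete User")."</option></select>\n";
	echo "<input type=\"submit\" value=\"".translate("Go!")."\"></form>";

	// initialize variable
	if ($config['root_relative_path'] == "/") {
		$rootPath = "";
	} else {
		$rootPath = $config['root_relative_path'];
	}
	$pagesize = 20;
	$filepath="$rootPath/admin.php?op=mod_users";
	if (!isset($letter)) { $letter = "All"; }
	if (!isset($sortby)) { $sortby = "uname"; }
	if (!isset($orderby)) { $orderby = "ASC"; }
	if (!isset($page)) { $page = 1; }

	// $sortby and $orderby are spliced into the ORDER BY clause, where quoting
	// cannot protect them, so only known values are accepted.
	$sortColumns = array("uname","status","regDate","loginIP","loginTime");
	$sortby = (string)$sortby;
	if (!in_array($sortby,$sortColumns)) {
		$sortby = "uname";
	}
	$orderby = strtoupper((string)$orderby);
	if ($orderby != "DESC") {
		$orderby = "ASC";
	}

	// $page feeds the LIMIT offset: force a positive integer
	$page = intval($page);
	if ($page < 1) {
		$page = 1;
	}

	// NOTE(review): alpha(), SortLinks() and numberLink() are defined elsewhere
	// and receive the raw $letter; confirm they encode it before writing links.

	// display the a list of alphabets
	alpha($sortby,$filepath,"&");

	// initialize variables for sortlinks
	$input = array();
	$input[] = array('method' => "uname",     'name' => "Username");
	$input[] = array('method' => "status",    'name' => "Status");
	$input[] = array('method' => "regDate",   'name' => "Register Date");
	$input[] = array('method' => "loginIP",   'name' => "Login IP");
	$input[] = array('method' => "loginTime", 'name' => "Login Time");

	SortLinks($sortby,$filepath,$letter,"&",$input);
	echo "<BR><center>";
	$input=NULL;
	unset($input);

	// calculate minimum and maximum
	$min = $pagesize * ($page - 1); // This is where we start our record set from
	$max = $pagesize; // This is how many rows to select

	// select the users now
	$select = "select uname, status, regDate, loginIP, loginTime from ps_users ";

	// sort by alphabet
	if ( ( $letter != "Other" ) AND ( $letter != "All" ) ) {
		// the filter value sits inside a quoted SQL string: escape it
		$sqlLetter = mysql_real_escape_string($letter);
		$where = "where uname like '".$sqlLetter."%' ";

	// sort by Others..like numbers
	} else if ( ( $letter == "Other" ) AND ( $letter != "All" ) ) {
		$where = "where uname REGEXP \"^\[1-9]\" ";

	// no where clause
	} else {
		$where = "";
	}

	// sort by base on $sortby input
	$sort = "order by $sortby";

	// limit the selection
	$limit = " $orderby LIMIT ".$min.", ".$max;

	// count how many users base on where clause
	// (check the handle first: mysql_num_rows() must not be given a failed query)
	$num_rows_per_order = 0;
	$count_result = mysql_query($select.$where);
	if ($count_result) {
		$num_rows_per_order = mysql_num_rows($count_result);
		mysql_free_result($count_result);
	}

	// do the query now
	$result = mysql_query($select.$where.$sort.$limit) or die(mysql_error() );

	//number of users per sorted and limit query
	$num_rows = mysql_num_rows($result);

	echo "<table width=\"100%\" border=\"0\" cellspacing=\"2\" class=sidebox>";
	echo "<tr>";
	echo "<td class=sideboxtop><b>".translate("Username")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Status")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Register Date")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Login IP")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Login Time")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Edit")."</b></td>";
	echo "<td class=sideboxtop><b>".translate("Delete")."</b></td>";
	echo "</tr>";

	// for alternate color
	$a = 0;
	$dcolor_A = "sidebox";
	$dcolor_B = "sidebox2";

	// NOTE(review): the Delete link below changes state through a plain GET
	// request guarded only by a JavaScript confirm; a POST form carrying a
	// per-session token would be the robust replacement.
	while (list($uname,$status,$regDate,$loginIP,$loginTime) = mysql_fetch_row($result)) {
		$dcolor = ($a == 0 ? $dcolor_A : $dcolor_B);
		$regDate = formatShortTimestamp($regDate);
		$loginTime = formatShortTimeStamp($loginTime);

		// stored account data is user-supplied: encode for HTML text and,
		// separately, for use as a query-string value
		$htmlUname = htmlspecialchars($uname, ENT_QUOTES);
		$urlUname = urlencode($uname);
		$htmlStatus = htmlspecialchars($status, ENT_QUOTES);
		$htmlLoginIP = htmlspecialchars($loginIP, ENT_QUOTES);

		echo "<tr>";
		echo "<td class=$dcolor>$htmlUname</td>";
		echo "<td class=$dcolor>$htmlStatus</td>";
		echo "<td class=$dcolor>$regDate&nbsp;</td>";
		echo "<td class=$dcolor>$htmlLoginIP&nbsp;</td>";
		echo "<td class=$dcolor>$loginTime&nbsp;</td>";
		echo "<td class=$dcolor><a href=\"admin.php?op=modifyUser&chng_user=$urlUname\">".translate("Edit")."</a></td>";
		echo "<td class=$dcolor><a href=\"admin.php?op=delUser&chng_user=$urlUname\" onclick=\"return confirmDelete()\">".translate("Delete")."</a></td>";
		echo "</tr>";
		$a = ($dcolor == $dcolor_A ? 1 : 0);

	}
	echo "</table></center>";
	if ($result) {
		mysql_free_result($result);
	}

	// initialize the variable for numberLink call
	$input = array();
	$input['num_rows_per_order'] = $num_rows_per_order;
	$input['pagesize'] = $pagesize;
	$input['num_rows'] = $num_rows;
	$input['page'] = $page;
	$input['item'] = "user(s)";
	$input['letter'] = $letter;
	$input['sortby'] = $sortby;
	$input['filepath'] = $filepath;
	$input['orderby'] = $orderby;
	$input['separator'] = "&";

	numberLink($input);
	?>
	<hr noshade>

	
	<?	
	
	ps_footer("");
}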



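// Show the stored details of one user in an edit form for the administrator.
//
//   $chng_user - handle (uname) of the account to edit, taken from the request
//
// Every stored value is HTML-encoded before it is written into the form, since
// the profile fields are user-supplied.
function modifyUser($chng_user) {

	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("6",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined outside this file; return explicitly so the
		// form is never rendered even if it does not end the request.
		return;
	}

	$db_uname = fixquotes($chng_user);
	ps_header("");
	// The stored password is not needed to build the form, so it is no longer selected.
	$result = mysql_query("select u.uid, u.uname, u.userTitle, i.name, i.url, i.email, i.femail, u.ban from ps_users u, ps_users_info i where u.uname='$db_uname' and i.uid=u.uid");
	if (($result !=0 ) && (mysql_num_rows($result) > 0)) {
		while(list($chng_uid, $chng_uname, $userTitle, $chng_name, $chng_url, $chng_email, $chng_femail, $ban) = mysql_fetch_row($result)) {
			// encode once, up front, for both element text and quoted attribute values
			$chng_uid = htmlspecialchars($chng_uid, ENT_QUOTES);
			$chng_uname = htmlspecialchars($chng_uname, ENT_QUOTES);
			$userTitle = htmlspecialchars($userTitle, ENT_QUOTES);
			$chng_name = htmlspecialchars($chng_name, ENT_QUOTES);
			$chng_url = htmlspecialchars($chng_url, ENT_QUOTES);
			$chng_email = htmlspecialchars($chng_email, ENT_QUOTES);
			$chng_femail = htmlspecialchars($chng_femail, ENT_QUOTES);

			$titlebar = "<h3>".translate("Update User").": $chng_uname</h3>";
			echo $titlebar;
			// NOTE(review): the form submits with GET, so the new password ends up
			// in the URL (browser history, server and proxy logs, Referer). Switching
			// to POST plus a per-session token is the fix, once it is confirmed that
			// the admin.php dispatcher accepts POST for op=updateUser.
			?>
			<form action="admin.php" method="get">
				<table border=0>
					<tr>
						<td><?PHP echo translate("User ID");?></td>
						<td><?PHP echo $chng_uid ?></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Handle");?>*</td>
						<td><input type="text" name="chng_uname" value="<?PHP echo $chng_uname ?>"></td>
					</tr>
					<tr>
						<td width=100><?PHP echo translate("Name");?></td>
						<td><input type="text" name="chng_name" value="<?PHP echo $chng_name ?>"></td>
					</tr>
					<tr>
						<td><?PHP echo translate("URL");?></td>
						<td> <input type="text" name="chng_url" value="<?PHP echo $chng_url ?>" size=30 maxlength=60></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Email");?>*</td>
						<td> <input type="text" name="chng_email" value="<?PHP echo $chng_email ?>" size=30 maxlength=60></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Public Email");?></td>
						<td> <input type="text" name="chng_femail" value="<?PHP echo $chng_femail ?>" size=30 maxlength=60></td>
					</tr>
				    <tr>
						<td><?PHP echo translate("User Title");?></td>
						<td><input type="text" name="userTitle" value="<?PHP echo $userTitle ?>" size=30 maxlength=60></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Password")?></td>
						<td> <input type="password" name="chng_pass"  size=12 maxlength=12></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Retype Password");?></td>
						<td><input type="password" name="chng_pass2" size=12 maxlength=12> <?PHP echo translate("(for changes only)");?></td>
					</tr>
					<tr>
						<td><?PHP echo translate("Ban User?")?></td>
						<td> <input type="checkbox" name="ban"  size=5 maxlength=5 <? if ($ban == "true") echo "checked"; ?>></td>
					</tr>
					<input type="hidden" name="chng_uid" value="<?php echo $chng_uid; ?>">
					<input type="hidden" name="op" value="updateUser">
					<tr>
						<td colspan=2><input type="submit" value="<?PHP echo translate("Update User");?>"></td>
					</tr>
				</table>
			</form>
			<?
		}
		echo "<font color=red>".translate("* indicates REQUIRED fields")."</font>";
	} else {
		if (!$result) {
			echo mysql_errno(). ": ".mysql_error(). "<br>";
		}
		echo errorMsg("No such user!");
	}
	ps_footer("");
}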



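// Update a user's account and profile, and mirror the change into the
// wwwthreads / phpBB user tables when those integrations are enabled.
//
//   $chng_uid                - numeric id of the account being changed
//   $chng_uname, $chng_email - required; the request is rejected if either is empty
//   $chng_pass, $chng_pass2  - new password and its confirmation; the password is
//                              changed only when both are non-empty and identical
//   $ban                     - any non-empty value bans the user
//
// On success the browser is redirected back to the user list.
function updateUser($chng_uid, $chng_uname, $userTitle, $chng_name, $chng_url, $chng_email, $chng_femail, $chng_pass, $chng_pass2, $ban) {

	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("6",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined outside this file; return explicitly so no
		// update runs even if it does not end the request.
		return;
	}

	if (!($chng_uname && $chng_email)) {
		errorPage("Missing Fields!",$config['def_theme']);
		return;
	}

	// The uid is placed unquoted into several statements below, so it must be
	// an integer before it gets anywhere near SQL.
	$chng_uid = intval($chng_uid);

	// Read the target's current status and handle. The handle as stored *before*
	// this update is what identifies the matching rows in the forum tables.
	$userArray = getCookie($config['user_cookie_name']);
	$status = "";
	$old_uname = "";
	$lookup = mysql_query("select status, uname from ps_users where uid=$chng_uid");
	if ($lookup) {
		$row = mysql_fetch_row($lookup);
		if ($row) {
			list($status, $old_uname) = $row;
		}
		mysql_free_result($lookup);
	}
	$db_uname = mysql_real_escape_string($old_uname);

	// non-Admin operators may only change accounts whose status is "member"
	if ($userArray['status'] != "Admin" && $status != "member") {
		errorPage("Access Deny!",$config['def_theme']);
		return;
	}

	// change password if $chng_pass is not empty
	if (($chng_pass != "") && ($chng_pass2 != "")) {
		// strcmp() instead of != : loose comparison treats differing numeric
		// strings such as "1e3" and "1000" as equal, hiding a mistyped confirmation
		if (strcmp($chng_pass, $chng_pass2) != 0) {
			errorPage("Password one and Password two do not match!",$config['def_theme']);
			return;
		}

		$clearPass = $chng_pass;
		// NOTE(review): when crypt_method is not 1 the password is stored exactly
		// as supplied. crypt() is called without an explicit salt, so the hash
		// format is the platform default; confirm both against the login code
		// before tightening this.
		if ($config['crypt_method'] == 1) {
			$chng_pass=crypt($chng_pass);
		}
		$chng_pass = fixquotes($chng_pass);
		$sql = "update ps_users set pass='$chng_pass' where uid='$chng_uid'";
		if(!mysql_query($sql)) {
			echo mysql_errno(). ": ".mysql_error(). "<br>";
			return;
		}
	}

	$chng_name = fixquotes($chng_name);
	$chng_uname = fixquotes($chng_uname);
	$chng_url = fixquotes($chng_url);
	$chng_email = fixquotes($chng_email);
	$chng_femail = fixquotes($chng_femail);
	$userTitle = fixquotes($userTitle);

	// did we ban the user?
	if ($ban == "") {
		$ban = "false";
	} else {
		$ban = "true";
	}

	$sql = "update ps_users_info set name='$chng_name', ";
	$sql .= "email='$chng_email', ";
	$sql .= "femail='$chng_femail', ";
	$sql .= "url='$chng_url' ";
	$sql .= "where uid=$chng_uid";

	if(!mysql_query($sql)) {
		echo mysql_errno(). ": ".mysql_error(). "<br>";
		return;
	}

	$sql= "update ps_users set uname='$chng_uname', userTitle='$userTitle', ban='$ban' where uid=$chng_uid";
	if(!mysql_query($sql)) {
		echo mysql_errno(). ": ".mysql_error(). "<br>";
		return;
	}

	// we update the password in wwwthread database
	if ($config['use_w3b'] == true) {
		include("$config[w3b_path]/config.inc.php");
		if ($userTitle == "") {
			$userTitle = "newbie";
		}
		mysql_select_db($config['dbname']);
		// Match on the handle as it was before this update. Matching on the new
		// handle misses the row after a rename and could instead overwrite a
		// different forum account that already uses that name.
		if (($chng_pass != "") && ($chng_pass2 != "")) {
			$query = "update w3t_Users set U_Password = '$chng_pass', U_Title='$userTitle', U_Username='$chng_uname', U_Name='$chng_name', U_Homepage='$chng_url', U_Email='$chng_email', U_Fakeemail='$chng_femail' where U_Username='$db_uname'";
		} else {
			$query = "update w3t_Users set U_Title='$userTitle', U_Username='$chng_uname', U_Name='$chng_name', U_Homepage='$chng_url', U_Email='$chng_email', U_Fakeemail='$chng_femail' where U_Username='$db_uname'";
		}
		if(!mysql_query($query)) {
			echo mysql_errno(). ": ".mysql_error(). "<br>";
			return;
		}
	}

	// we update the password in phpBB database
	if ($config['use_phpBB'] == true) {
		if (($chng_pass != "") && ($chng_pass2 != "")) {
			include("$config[phpBB_path]/extention.inc");
			include("$config[phpBB_path]/config.php");
			include("$config[phpBB_path]/functions.php");
			include("$config[phpBB_path]/auth.php");

			// NOTE(review): unsalted MD5 is presumably what the bundled phpBB
			// expects; verify before changing, and treat it as a weak hash.
			$md5_passwd = md5($clearPass);
			// $db_uname used to be undefined here, so this statement matched an
			// empty username and the forum password was never updated.
			$query = "update users set user_password = '$md5_passwd' where username = '$db_uname'";
			mysql_query($query);
		}

	}

	$mesg = translate("Operation+Successful!");
	header("Location: admin.php?mesg=$mesg&op=mod_users");
}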

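// Delete a user and every row that belongs to them, including the mirrored
// wwwthreads / phpBB accounts when those integrations are enabled.
//
//   $chng_user - handle (uname) of the account to delete, taken from the request
//
// On success the browser is redirected back to the user list.
// NOTE(review): this destructive operation is reachable through a plain GET
// link; a POST form carrying a per-session token would be the robust replacement.
function delUser($chng_user) {

	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("6",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined outside this file; return explicitly so no
		// delete runs even if it does not end the request.
		return;
	}

	// Look the account up first: the privilege check below needs its status.
	$db_uname = fixquotes($chng_user);
	$uid = "";
	$status = "";
	$forwarder = "";
	$lookup = mysql_query("select uid,status,forwarder from ps_users where uname='$db_uname'");
	if ($lookup) {
		$row = mysql_fetch_row($lookup);
		if ($row) {
			list($uid,$status,$forwarder) = $row;
		}
		mysql_free_result($lookup);
	}

	if ($uid == "") {
		errorPage("No such user!",$config['def_theme']);
		return;
	}

	// Only an Admin may delete an Admin account. This test used to run before
	// $status was loaded, so it compared an unset variable and never denied anything.
	$userArray = getCookie($config['user_cookie_name']);
	if ($userArray['status'] != "Admin" && $status == "Admin") {
		errorPage("Access Deny!",$config['def_theme']);
		return;
	}

	// the id is interpolated into the statements below: keep it an integer
	$uid = intval($uid);

	// ($del_uid was never defined; the id fetched above is what was meant)
	mysql_query("delete from ps_users where uid='$uid' or uname='$db_uname'");
	mysql_query("delete from ps_users_info where uid='$uid'");
	mysql_query("delete from ps_users_comments where uid='$uid'");
	mysql_query("delete from ps_users_home where uid='$uid'");
	mysql_query("delete from ps_domain where uid='$uid'");

	// delete qmail forwarder if any
	if ($config['email_forward'] == true) {
		if ($forwarder != "") {
			// The forwarder name becomes part of a file name. Skip any value with
			// a path separator or NUL byte so the marker file cannot be created
			// outside data_path.
			if (strpos($forwarder, "/") === false
				&& strpos($forwarder, "\\") === false
				&& strpos($forwarder, "\0") === false) {
				$fileName = "rm.qmail-" . $forwarder;
				$fullPath = $config['data_path'] . "/" . $fileName;
				touch($fullPath);
			}
		}
	}

	# update wwwthreads
	if ($config['use_w3b'] == true) {
		include("$config[w3b_path]/config.inc.php");

		mysql_select_db($config['dbname']);
		mysql_query("delete from w3t_Users where U_Username = '$db_uname'");
		mysql_query("delete from w3t_Moderators where Mod_Username = '$db_uname'");
		mysql_query(" DELETE FROM w3t_Messages WHERE M_Username = '$db_uname'");
		mysql_query(" DELETE FROM w3t_Last WHERE L_Username = '$db_uname'");
		mysql_query("DELETE FROM w3t_Subscribe WHERE S_Username = '$db_uname'");
	}

	// update phpBB
	if ($config['use_phpBB'] == true) {
		include("$config[phpBB_path]/extention.inc");
		include("$config[phpBB_path]/config.php");
		include("$config[phpBB_path]/functions.php");
		include("$config[phpBB_path]/auth.php");

		$userID = "";
		$result = mysql_query("select user_id from users where username = '$db_uname'");
		if ($result) {
			$row = mysql_fetch_row($result);
			if ($row) {
				$userID = $row[0];
			}
		}
		mysql_query("delete from users where username='$db_uname'");

		// The dependent rows are keyed by the numeric id. Without a matching forum
		// account there is nothing to remove, and an empty id would only produce
		// malformed statements.
		if ($userID != "") {
			$userID = intval($userID);
			mysql_query("delete from banlist where ban_userid = $userID");
			mysql_query("delete from forum_access where user_id = $userID");
			mysql_query("delete from forum_mods where user_id = $userID");
			mysql_query("delete from sessions where user_id = $userID");
		}
	}


	$mesg = translate("Operation+Successful!");
	Header("Location: admin.php?mesg=$mesg&op=mod_users");

}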

?>