<?
###############################################################################
# Copyright (C) 2000 Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating
# that you changed the files and the date of any change. And you are required
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it.
# However, nothing else grants you permission to modify or distribute this
# Program or its derivative works. These actions are prohibited by law if
# you do not accept this License. Therefore, by modifying or distributing
# this Program (or any work based on this Program), you indicate your
# acceptance of this License to do so, and all its terms and conditions
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################
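global $config;
// Refuse requests that hit this include directly: it is only meant to be pulled in
// by admin.php. eregi() no longer exists (removed in PHP 7) and $PHP_SELF only
// worked with register_globals, so the test reads $_SERVER['PHP_SELF'] and uses
// a case-insensitive preg_match() for the same "admin/" substring check.
$selfPath = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
if (preg_match('/admin\//i', $selfPath)) {
    die("Access Deny!");
}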
/*********************************************************/
/* user admin */
/*********************************************************/
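function displayUsers($mesg,$letter,$sortby,$orderby,$page) {
    // Render the "Edit Users" admin page: a handle lookup form, the alphabet
    // filter, sortable column links and one page of rows from ps_users.
    //
    // $mesg    optional status text shown next to the heading; it arrives in the
    //          query string after a redirect, so it is HTML-escaped before output
    // $letter  first-letter filter: letters only, "Other" (handles starting with
    //          a digit) or "All"; any other value is treated as "All"
    // $sortby  column to order by; only the five listed columns are accepted,
    //          anything else falls back to "uname"
    // $orderby "ASC" or "DESC" (case-insensitive); anything else becomes "ASC"
    // $page    1-based page number; non-numeric or < 1 becomes 1
    //
    // Prints the page and returns nothing.
    global $config;
    // only operators holding admin right "6" may manage users
    $rightArray = getAdminRights();
    if (!is_array($rightArray) || !in_array("6", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    // we include the confirm delete javascript
    $header = array('js' => "true");
    ps_header($header);
    echo "<h3>" . translate("Edit Users");
    if ($mesg) {
        // $mesg is request-controlled: escape it so a crafted link cannot inject markup
        echo "<font size=-1 color=red> (" . htmlspecialchars($mesg, ENT_QUOTES) . ")</font>";
    }
    echo "</h3>";
    echo "<form method=post action=\"admin.php\">";
    echo "<b>" . translate("Handle") . ": </b> <input type=text name=\"chng_user\" size=10>\n";
    echo "<select name=\"op\">";
    echo "<option value=\"modifyUser\">" . translate("Modify User") . "</option>\n";
    echo "<option value=\"delUser\">" . translate("Delete User") . "</option></select>\n";
    echo "<input type=\"submit\" value=\"" . translate("Go!") . "\"></form>";
    // root-relative prefix for generated links ("/" means the site lives at the web root)
    $rootPath = ($config['root_relative_path'] == "/") ? "" : $config['root_relative_path'];
    $pagesize = 20;
    $filepath = "$rootPath/admin.php?op=mod_users";
    // Columns that may be sorted on, keyed by column name => column label.
    // This list is also the whitelist for $sortby, which is spliced into ORDER BY.
    $sortColumns = array(
        "uname"     => "Username",
        "status"    => "Status",
        "regDate"   => "Register Date",
        "loginIP"   => "Login IP",
        "loginTime" => "Login Time",
    );
    // Normalise the request parameters. All of them can be tampered with, and
    // $sortby / $orderby end up verbatim in the SQL, so they are matched against
    // fixed lists rather than escaped.
    if (!isset($sortby) || !in_array($sortby, array_keys($sortColumns), true)) {
        $sortby = "uname";
    }
    $orderby = isset($orderby) && is_string($orderby) ? strtoupper($orderby) : "ASC";
    if (!in_array($orderby, array("ASC", "DESC"), true)) {
        $orderby = "ASC";
    }
    $page = isset($page) ? (int) $page : 1;
    if ($page < 1) {
        $page = 1;
    }
    if (!isset($letter) || !is_string($letter)
        || ($letter != "Other" && $letter != "All" && !preg_match('/^[A-Za-z]+$/', $letter))) {
        $letter = "All";
    }
    // display the list of alphabets
    alpha($sortby, $filepath, "&");
    // column descriptors for SortLinks(), in display order
    $input = array();
    foreach ($sortColumns as $method => $label) {
        $input[] = array('method' => $method, 'name' => $label);
    }
    SortLinks($sortby, $filepath, $letter, "&", $input);
    echo "<BR><center>";
    // first row of the page and how many rows to fetch
    $min = $pagesize * ($page - 1);
    $max = $pagesize;
    $select = "select uname, status, regDate, loginIP, loginTime from ps_users ";
    if ($letter == "Other") {
        // handles that start with a digit
        $where = "where uname REGEXP \"^\[1-9]\" ";
    } elseif ($letter != "All") {
        // $letter passed the [A-Za-z]+ check above, so it is safe inside the quotes
        $where = "where uname like '" . $letter . "%' ";
    } else {
        $where = "";
    }
    $sort = "order by $sortby";
    $limit = " $orderby LIMIT " . $min . ", " . $max;
    // total rows matching the filter, used by the pager; 0 if the count query fails
    $num_rows_per_order = 0;
    $count_result = mysql_query($select . $where);
    if ($count_result) {
        $num_rows_per_order = mysql_num_rows($count_result);
        mysql_free_result($count_result);
    }
    $result = mysql_query($select . $where . $sort . $limit) or die(mysql_error());
    // rows actually on this page
    $num_rows = mysql_num_rows($result);
    echo "<table width=\"100%\" border=\"0\" cellspacing=\"2\" class=sidebox>";
    echo "<tr>";
    $headings = array_merge(array_values($sortColumns), array("Edit", "Delete"));
    foreach ($headings as $heading) {
        echo "<td class=sideboxtop><b>" . translate($heading) . "</b></td>";
    }
    echo "</tr>";
    // alternate the row class
    $rowClasses = array("sidebox", "sidebox2");
    $rowIndex = 0;
    while (list($uname, $status, $regDate, $loginIP, $loginTime) = mysql_fetch_row($result)) {
        $dcolor = $rowClasses[$rowIndex % 2];
        $rowIndex++;
        // stored values are user-supplied (users choose their own handle), so they are
        // escaped for the HTML body and URL-encoded for the edit/delete links
        $safeUname = htmlspecialchars($uname, ENT_QUOTES);
        $urlUname = urlencode($uname);
        echo "<tr>";
        echo "<td class=$dcolor>$safeUname</td>";
        echo "<td class=$dcolor>" . htmlspecialchars($status, ENT_QUOTES) . "</td>";
        echo "<td class=$dcolor>" . formatShortTimestamp($regDate) . " </td>";
        echo "<td class=$dcolor>" . htmlspecialchars($loginIP, ENT_QUOTES) . " </td>";
        echo "<td class=$dcolor>" . formatShortTimestamp($loginTime) . " </td>";
        echo "<td class=$dcolor><a href=\"admin.php?op=modifyUser&chng_user=$urlUname\">" . translate("Edit") . "</a></td>";
        echo "<td class=$dcolor><a href=\"admin.php?op=delUser&chng_user=$urlUname\" onclick=\"return confirmDelete()\">" . translate("Delete") . "</a></td>";
        echo "</tr>";
    }
    echo "</table></center>";
    if ($result) {
        mysql_free_result($result);
    }
    // parameters for the page-number links
    $pager = array(
        'num_rows_per_order' => $num_rows_per_order,
        'pagesize'           => $pagesize,
        'num_rows'           => $num_rows,
        'page'               => $page,
        'item'               => "user(s)",
        'letter'             => $letter,
        'sortby'             => $sortby,
        'filepath'           => $filepath,
        'orderby'            => $orderby,
        'separator'          => "&",
    );
    numberLink($pager);
    echo "<hr noshade>\n";
    ps_footer("");
}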
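function modifyUser($chng_user) {
    // Show the "Update User" form, pre-filled with the account (ps_users) and
    // profile (ps_users_info) data of the user whose handle is $chng_user.
    //
    // $chng_user  handle typed into the lookup form or taken from an Edit link;
    //             it is escaped with fixquotes() before being used in the query.
    //
    // Prints the page and returns nothing. An unknown handle (or a failed query)
    // prints an error message instead of the form.
    global $config;
    // only operators holding admin right "6" may manage users
    $rightArray = getAdminRights();
    if (!is_array($rightArray) || !in_array("6", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    $db_uname = fixquotes($chng_user);
    ps_header("");
    $result = mysql_query("select u.uid, u.uname, u.userTitle, i.name, i.url, i.email, i.femail, u.pass, u.ban from ps_users u, ps_users_info i where u.uname='$db_uname' and i.uid=u.uid");
    if ($result && mysql_num_rows($result) > 0) {
        while (list($chng_uid, $chng_uname, $userTitle, $chng_name, $chng_url, $chng_email, $chng_femail, $chng_pass, $ban) = mysql_fetch_row($result)) {
            // Every profile field is user-supplied and is printed inside a value=""
            // attribute, so each one is escaped. The stored password is never echoed.
            $e_uid    = htmlspecialchars($chng_uid, ENT_QUOTES);
            $e_uname  = htmlspecialchars($chng_uname, ENT_QUOTES);
            $e_title  = htmlspecialchars($userTitle, ENT_QUOTES);
            $e_name   = htmlspecialchars($chng_name, ENT_QUOTES);
            $e_url    = htmlspecialchars($chng_url, ENT_QUOTES);
            $e_email  = htmlspecialchars($chng_email, ENT_QUOTES);
            $e_femail = htmlspecialchars($chng_femail, ENT_QUOTES);
            $banChecked = ($ban == "true") ? " checked" : "";
            echo "<h3>" . translate("Update User") . ": $e_uname</h3>";
            // The form is submitted by POST so the new password does not travel in the
            // query string (server logs, browser history, Referer). admin.php already
            // receives the user-selection form from displayUsers() by POST, so the op
            // dispatch handles POST; confirm that the updateUser argument lookup does too.
            echo "<form action=\"admin.php\" method=\"post\">\n";
            echo "<table border=0>\n";
            echo "<tr>\n<td>" . translate("User ID") . "</td>\n<td>$e_uid</td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Handle") . "*</td>\n";
            echo "<td><input type=\"text\" name=\"chng_uname\" value=\"$e_uname\"></td>\n</tr>\n";
            echo "<tr>\n<td width=100>" . translate("Name") . "</td>\n";
            echo "<td><input type=\"text\" name=\"chng_name\" value=\"$e_name\"></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("URL") . "</td>\n";
            echo "<td> <input type=\"text\" name=\"chng_url\" value=\"$e_url\" size=30 maxlength=60></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Email") . "*</td>\n";
            echo "<td> <input type=\"text\" name=\"chng_email\" value=\"$e_email\" size=30 maxlength=60></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Public Email") . "</td>\n";
            echo "<td> <input type=\"text\" name=\"chng_femail\" value=\"$e_femail\" size=30 maxlength=60></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("User Title") . "</td>\n";
            echo "<td><input type=\"text\" name=\"userTitle\" value=\"$e_title\" size=30 maxlength=60></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Password") . "</td>\n";
            echo "<td> <input type=\"password\" name=\"chng_pass\" size=12 maxlength=12></td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Retype Password") . "</td>\n";
            echo "<td><input type=\"password\" name=\"chng_pass2\" size=12 maxlength=12> " . translate("(for changes only)") . "</td>\n</tr>\n";
            echo "<tr>\n<td>" . translate("Ban User?") . "</td>\n";
            echo "<td> <input type=\"checkbox\" name=\"ban\" size=5 maxlength=5$banChecked></td>\n</tr>\n";
            echo "<input type=\"hidden\" name=\"chng_uid\" value=\"$e_uid\">\n";
            echo "<input type=\"hidden\" name=\"op\" value=\"updateUser\">\n";
            echo "<tr>\n<td colspan=2><input type=\"submit\" value=\"" . translate("Update User") . "\"></td>\n</tr>\n";
            echo "</table>\n</form>\n";
        }
        echo "<font color=red>" . translate("* indicates REQUIRED fields") . "</font>";
    } else {
        if (!$result) {
            echo mysql_errno() . ": " . mysql_error() . "<br>";
        }
        echo errorMsg("No such user!");
    }
    ps_footer("");
}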
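function updateUser($chng_uid, $chng_uname, $userTitle, $chng_name, $chng_url, $chng_email, $chng_femail, $chng_pass, $chng_pass2, $ban) {
    // Apply the "Update User" form: profile fields, handle, title, ban flag and,
    // when both password fields are filled, the password. The change is then
    // mirrored into the wwwthreads (w3t_Users) and phpBB (users) tables when
    // those integrations are switched on in $config.
    //
    // $chng_uid                 user id from the hidden form field; coerced to int
    //                           because it is spliced unquoted into WHERE clauses
    // $chng_uname, $chng_email  required, the rest may be empty
    // $chng_pass, $chng_pass2   new password and its confirmation; both empty keeps
    //                           the current password
    // $ban                      checkbox value; empty = not banned
    //
    // Redirects back to the user list on success. On a failed query the MySQL
    // error is printed and the function returns early, leaving earlier updates
    // in place (there is no transaction).
    global $config;
    // only operators holding admin right "6" may manage users
    $rightArray = getAdminRights();
    if (!is_array($rightArray) || !in_array("6", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    if (!($chng_uname && $chng_email)) {
        errorPage("Missing Fields!", $config['def_theme']);
        return;
    }
    $chng_uid = (int) $chng_uid;
    $userArray = getCookie($config['user_cookie_name']);
    // look up the target's status; a missing row means the uid does not exist
    $statusResult = mysql_query("select status from ps_users where uid=$chng_uid");
    $statusRow = $statusResult ? mysql_fetch_row($statusResult) : false;
    if (!$statusRow) {
        errorPage("No such user!", $config['def_theme']);
        return;
    }
    $status = $statusRow[0];
    // operators that are not full Admins may only edit plain members
    if ($userArray['status'] != "Admin" && $status != "member") {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    // change the password only when both fields were filled in
    $changePassword = ($chng_pass != "" && $chng_pass2 != "");
    $clearPass = "";
    if ($changePassword) {
        if ($chng_pass != $chng_pass2) {
            errorPage("Password one and Password two do not match!", $config['def_theme']);
            return;
        }
        // phpBB needs the clear text below; keep it before crypt() runs
        $clearPass = $chng_pass;
        // crypt_method 1 stores crypt() output, otherwise the value is stored as given;
        // this must stay in step with whatever the login code compares against
        if ($config['crypt_method'] == 1) {
            $chng_pass = crypt($chng_pass);
        }
        $chng_pass = fixquotes($chng_pass);
        if (!mysql_query("update ps_users set pass='$chng_pass' where uid='$chng_uid'")) {
            echo mysql_errno() . ": " . mysql_error() . "<br>";
            return;
        }
    }
    $chng_name = fixquotes($chng_name);
    $chng_uname = fixquotes($chng_uname);
    $chng_url = fixquotes($chng_url);
    $chng_email = fixquotes($chng_email);
    $chng_femail = fixquotes($chng_femail);
    $userTitle = fixquotes($userTitle);
    // an unchecked checkbox arrives empty
    $ban = ($ban == "") ? "false" : "true";
    $sql = "update ps_users_info set name='$chng_name', ";
    $sql .= "email='$chng_email', ";
    $sql .= "femail='$chng_femail', ";
    $sql .= "url='$chng_url' ";
    $sql .= "where uid=$chng_uid";
    if (!mysql_query($sql)) {
        echo mysql_errno() . ": " . mysql_error() . "<br>";
        return;
    }
    $sql = "update ps_users set uname='$chng_uname', userTitle='$userTitle', ban='$ban' where uid=$chng_uid";
    if (!mysql_query($sql)) {
        echo mysql_errno() . ": " . mysql_error() . "<br>";
        return;
    }
    // mirror the change into the wwwthreads database
    if ($config['use_w3b'] == true) {
        // wwwthreads' own config is expected to provide $config['dbname'] — confirm
        include("$config[w3b_path]/config.inc.php");
        if ($userTitle == "") {
            $userTitle = "newbie";
        }
        mysql_select_db($config['dbname']);
        $w3bFields = "U_Title='$userTitle', U_Username='$chng_uname', U_Name='$chng_name', U_Homepage='$chng_url', U_Email='$chng_email', U_Fakeemail='$chng_femail'";
        if ($changePassword) {
            $query = "update w3t_Users set U_Password = '$chng_pass', $w3bFields where U_Username='$chng_uname'";
        } else {
            $query = "update w3t_Users set $w3bFields where U_Username='$chng_uname'";
        }
        if (!mysql_query($query)) {
            echo mysql_errno() . ": " . mysql_error() . "<br>";
            return;
        }
    }
    // mirror the new password into the phpBB database
    if ($config['use_phpBB'] == true && $changePassword) {
        include("$config[phpBB_path]/extention.inc");
        include("$config[phpBB_path]/config.php");
        include("$config[phpBB_path]/functions.php");
        include("$config[phpBB_path]/auth.php");
        // phpBB's users table is written with md5 of the clear password (that is what
        // this integration has always done; confirm against the phpBB version in use).
        // The row is keyed by the escaped handle — the original used $db_uname, which
        // this function never sets, so the update matched no row.
        $md5_passwd = md5($clearPass);
        mysql_query("update users set user_password = '$md5_passwd' where username = '$chng_uname'");
    }
    $mesg = translate("Operation+Successful!");
    header("Location: admin.php?mesg=$mesg&op=mod_users");
}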
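function delUser($chng_user) {
    // Delete the user whose handle is $chng_user from every ps_* table, leave a
    // marker file for the qmail forwarder cleanup when that feature is enabled,
    // and remove the mirrored wwwthreads / phpBB rows when those integrations
    // are switched on in $config.
    //
    // $chng_user  handle from the lookup form or a Delete link; escaped with
    //             fixquotes() before being used in any query.
    //
    // Redirects back to the user list when done; unknown handles and forbidden
    // deletions go to errorPage().
    global $config;
    // only operators holding admin right "6" may manage users
    $rightArray = getAdminRights();
    if (!is_array($rightArray) || !in_array("6", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    $db_uname = fixquotes($chng_user);
    $lookup = mysql_query("select uid,status,forwarder from ps_users where uname='$db_uname'");
    $row = $lookup ? mysql_fetch_row($lookup) : false;
    if (!$row || $row[0] == "") {
        errorPage("No such user!", $config['def_theme']);
        return;
    }
    list($uid, $status, $forwarder) = $row;
    // Operators that are not full Admins may not delete Admin accounts. This check
    // has to come after the lookup: the original ran it before $status was fetched,
    // so it never fired.
    $userArray = getCookie($config['user_cookie_name']);
    if ($userArray['status'] != "Admin" && $status == "Admin") {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    // the original used an unset $del_uid here, so the uid match was always empty
    mysql_query("delete from ps_users where uid='$uid' or uname='$db_uname'");
    mysql_query("delete from ps_users_info where uid='$uid'");
    mysql_query("delete from ps_users_comments where uid='$uid'");
    mysql_query("delete from ps_users_home where uid='$uid'");
    mysql_query("delete from ps_domain where uid='$uid'");
    // leave a marker file for the qmail forwarder cleanup, if any
    if ($config['email_forward'] == true && $forwarder != "") {
        // basename() keeps the marker inside data_path whatever the stored value holds
        $fileName = "rm.qmail-" . basename($forwarder);
        $fullPath = $config['data_path'] . "/" . $fileName;
        touch($fullPath);
    }
    # update wwwthreads
    if ($config['use_w3b'] == true) {
        // wwwthreads' own config is expected to provide $config['dbname'] — confirm
        include("$config[w3b_path]/config.inc.php");
        mysql_select_db($config['dbname']);
        $w3bQueries = array(
            "delete from w3t_Users where U_Username = '$db_uname'",
            "delete from w3t_Moderators where Mod_Username = '$db_uname'",
            " DELETE FROM w3t_Messages WHERE M_Username = '$db_uname'",
            " DELETE FROM w3t_Last WHERE L_Username = '$db_uname'",
            "DELETE FROM w3t_Subscribe WHERE S_Username = '$db_uname'",
        );
        foreach ($w3bQueries as $query) {
            mysql_query($query);
        }
    }
    // update phpBB
    if ($config['use_phpBB'] == true) {
        include("$config[phpBB_path]/extention.inc");
        include("$config[phpBB_path]/config.php");
        include("$config[phpBB_path]/functions.php");
        include("$config[phpBB_path]/auth.php");
        $idResult = mysql_query("select user_id from users where username = '$db_uname'");
        $idRow = $idResult ? mysql_fetch_row($idResult) : false;
        mysql_query("delete from users where username='$db_uname'");
        // the per-id tables are only touched when phpBB actually knew the user;
        // the original interpolated an empty $userID and produced invalid SQL
        if ($idRow && $idRow[0] != "") {
            $userID = (int) $idRow[0];
            $idTables = array(
                "banlist"      => "ban_userid",
                "forum_access" => "user_id",
                "forum_mods"   => "user_id",
                "sessions"     => "user_id",
            );
            foreach ($idTables as $table => $column) {
                mysql_query("delete from $table where $column = $userID");
            }
        }
    }
    $mesg = translate("Operation+Successful!");
    header("Location: admin.php?mesg=$mesg&op=mod_users");
}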
?>