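<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license.  If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @category   Forum
* @package    QuickTalk
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5 build:20100924
* @since      File available since Release 1.0.0
* @deprecated File deprecated in Release 3.0.0
*/

// Admin page: member statistics, member list (filtered by first letter and/or
// category, sortable and paged) and an "add member" form.
//
// GET  : group  first-letter filter ('all', '0' for non a-z, or a letter)
//        page   page number (1-based)
//        cat    'FM' (no post), 'SM' (sleeping), 'CH' (children), 'SC' (children without agreement)
//        order  sort column, dir 'ASC'|'DESC'
// POST : del + cat               bulk delete of one category (FM, SM, SC)
//        add + role/title/pass/mail[/notify]   create one member
//        token                   CSRF token, must match the one kept in session
//
// Every GET value that is concatenated into SQL or used as an $L[] index is
// reduced to a fixed set of allowed values; anything else keeps the page default.

session_start();
require_once('bin/qtf_init.php');
include(Translate('qtf_adm.php'));
include(Translate('qtf_reg.php'));

if ( $oVIP->role!='A' ) die($L['E_admin']);

// CSRF protection for the two POST forms of this page (delete / add).
// The token lives for the session and is sent back by both forms as "token".
if ( empty($_SESSION['qtf_adm_users_token']) )
{
  $_SESSION['qtf_adm_users_token'] = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : sha1(uniqid(mt_rand(),true));
}
$bToken = isset($_POST['token']) && is_string($_POST['token']) && $_POST['token']===$_SESSION['qtf_adm_users_token'];

// INITIALISE

include('bin/qtf_fn_sql.php');

$strGroups='';

$oVIP->selfurl = 'qtf_adm_users.php';
$oVIP->selfname = '<span class="upper">'.$L['Adm_content'].'</span><br/>'.$L['Members'];
$oVIP->exitname = '&laquo; '.$L['Members'];

// --------
// SUBMITTED
// --------

if ( isset($_POST['del']) )
{
  if ( !$bToken )
  {
    // request did not come from this page's form: nothing is deleted
    echo '<span class="error">',$L['E_invalid'],'</span>',N;
  }
  else
  {
    $strCat = (isset($_POST['cat']) && is_string($_POST['cat'])) ? $_POST['cat'] : '';
    if ( $strCat==='FM' ) $oDB->Query('DELETE FROM '.TABUSER.' WHERE firstdate=lastdate AND id>1');
    if ( $strCat==='SC' ) $oDB->Query('DELETE FROM '.TABUSER.' WHERE children="2" AND id>1');
    if ( $strCat==='SM' )
    {
      // the "last year" cut-off compares the date part (8 chars) of lastdate; the substring function depends on the db
      switch(substr($oDB->type,0,5))
      {
      case 'mysql': $oDB->Query('DELETE FROM '.TABUSER.' WHERE LEFT(lastdate,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'mssql': $oDB->Query('DELETE FROM '.TABUSER.' WHERE LEFT(lastdate,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'pg':    $oDB->Query('DELETE FROM '.TABUSER.' WHERE SUBSTRING(lastdate,1,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'ibase': $oDB->Query('DELETE FROM '.TABUSER.' WHERE SUBSTRING(lastdate FROM 1 FOR 8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'sqlit': $oDB->Query('DELETE FROM '.TABUSER.' WHERE SUBSTR(lastdate,1,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'db2':   $oDB->Query('DELETE FROM '.TABUSER.' WHERE SUBSTR(lastdate,1,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      case 'oci':   $oDB->Query('DELETE FROM '.TABUSER.' WHERE SUBSTR(lastdate,1,8)<'.DateAdd(date('Ymd'),-1,'year').' AND id>1'); break;
      default: die('Unknown db type '.$oDB->type);
      }
    }
  }
  echo '&laquo;&nbsp;<a href="qtf_adm_users.php">',$L['Members'],'</a>',N;
  echo '<meta http-equiv="REFRESH" content="3;url=qtf_adm_users.php">',N;
  exit;
}

if ( isset($_POST['add']) )
{
  // check
  if ( empty($error) && !$bToken ) $error = $L['E_invalid'];
  if ( empty($error) )
  {
    // role is limited to the three values offered by the form (A, M, U); it is concatenated into the INSERT
    $strRole = (isset($_POST['role']) && is_string($_POST['role'])) ? $_POST['role'] : '';
    if ( !in_array($strRole,array('A','M','U'),true) ) $error = $L['Role'].S.$L['E_invalid'];
  }
  if ( empty($error) )
  {
    // get_magic_quotes_gpc() no longer exists on PHP 8, hence the function_exists guard
    $str = $_POST['title']; if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $str = stripslashes($str);
    $str = QTconv($str,'U');
    if ( !QTislogin($str) ) $error = $L['Username'].S.$L['E_invalid'];
    $strTitle = $str;
  }
  if ( empty($error) )
  {
    $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE name="'.htmlspecialchars($strTitle,ENT_QUOTES).'"');
    $row = $oDB->Getrow();
    if ($row['countid']!=0) $error=$L['Username'].S.$L['E_already_used'];
  }
  if ( empty($error) )
  {
    $str = $_POST['pass']; if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $str = stripslashes($str);
    $str = QTconv($str,'U');
    if ( !QTispassword($str) ) $error = $L['Password'].S.$L['E_invalid'];
    $strNewpwd = $str;
  }
  if ( empty($error) )
  {
    $str = $_POST['mail']; if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) $str = stripslashes($str);
    $str = QTconv($str,'U');
    if ( !QTismail($str) ) $error = $L['Email'].S.$L['E_invalid'];
    $strMail = $str;
  }

  if ( empty($error) )
  {
    include('bin/qt_lib_smtp.php');
    $id = $oDB->Nextid(TABUSER);
    // name and mail are stored with the same encoding (htmlspecialchars ENT_QUOTES), which also keeps quotes out of the SQL literal
    $oDB->Query( 'INSERT INTO '.TABUSER.' (id,name,pwd,closed,role,mail,privacy,firstdate,lastdate,numpost,children,parentmail,picture) VALUES ('.$id.',"'.htmlspecialchars($strTitle,ENT_QUOTES).'","'.sha1($strNewpwd).'","0","'.$strRole.'","'.htmlspecialchars($strMail,ENT_QUOTES).'","1","'.date('Ymd His').'","'.date('Ymd His').'",0,"0","","0")' );

    // send email
    if ( isset($_POST['notify']) )
    {
    $strSubject='Welcome';
    $strMessage="Please find here after your login and password to access the board {$_SESSION[QT]['site_name']}.\nLogin: %s\nPassword: %s";
    $strFile = GetLang().'mail_registred.php';
    if ( file_exists($strFile) ) include($strFile); // language file may override $strSubject / $strMessage
    $strMessage = sprintf($strMessage,$strTitle,$strNewpwd);
    QTmail($strMail,$strSubject,$strMessage,QTF_HTML_CHAR);
    }

    // exit
    unset($_POST['title']);
    unset($_POST['pass']);
    $strInfo = $L['Register_completed'];
  }
}

// INITIALISE

$strGroup = 'all';
$intLimit = 0;
$intPage  = 1;
$strOrder = 'name';
$strDirec = 'ASC';
$strInver = 'DESC';
$strCateg = 'all';

// --------
// HTML START
// --------

$strHeadScript = '
<script type="text/javascript" src="bin/qt_jquery.js"></script>
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['Username'].'")); return false; }
  if (theForm.pass.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['Password'].'")); return false; }
  if (theForm.mail.value.length==0) { alert(qtHtmldecode("'.$L['E_mandatory'].': '.$L['Email'].'")); return false; }
  return null;
}
$(function() {
  $("#title").blur(function() {
    $.post("qtf_j_exists.php",
      {f:"name",v:$("#title").val(),e1:"'.$L['E_min_4_char'].'",e2:"'.$L['E_already_used'].'"},
      function(data) { if ( data.length>0 ) document.getElementById("title_err").innerHTML=data; });
  });
});
-->
</script>
';

$bJava=true;
include('qtf_adm_p_header.php');

// --------
// CONTENT
// --------

// group: encoded like the stored names, so a quote cannot break the WHERE clause built below
if ( isset($_GET['group']) && is_string($_GET['group']) ) { $strGroup = htmlspecialchars(substr($_GET['group'],0,3),ENT_QUOTES); }
// page: never below 1, so the LIMIT offset cannot go negative
if ( isset($_GET['page']) )  { $intPage = max(1,intval($_GET['page'])); $intLimit = ($intPage-1)*$_SESSION[QT]['topics_per_page']; }
// cat: only the known categories reach the SQL and the $L['Members_'.cat] lookups
if ( isset($_GET['cat']) && in_array($_GET['cat'],array('FM','SM','CH','SC'),true) ) { $strCateg = $_GET['cat']; }
// order: column whitelist (the ORDER BY is concatenated into SQL; strip_tags would not protect it)
if ( isset($_GET['order']) && in_array($_GET['order'],array('id','name','closed','role','numpost','firstdate','lastdate'),true) ) { $strOrder = $_GET['order']; }
if ( isset($_GET['dir']) )   { if ( $_GET['dir']==='DESC' ) $strDirec = 'DESC'; }

if ( $strDirec=='DESC' ) $strInver='ASC';

// Global statistics  (count users)

  $oDB->Query('SELECT count(id) as countid FROM '.TABUSER);
  $row = $oDB->Getrow();
  $intUsers = $row['countid'];

// Global statistics  (count users without post)

  $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE id>1 AND firstdate=lastdate');
  $row = $oDB->Getrow();
  $intFalse = $row['countid'];
  if ( $intFalse>0 )
  {
  $strFalse = '<a href="qtf_adm_users.php?cat=FM">[&raquo;]</a>';
  }else{
  $strFalse = S;
  }

// Global statistics  (count users sleeping 1 year)

  $oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND lastdate<"'.DateAdd(date('Ymd His'),-1,'year').'"');
  $row = $oDB->Getrow();
  $intSleeping = $row['numuser'];

  if ( $intSleeping>0 )
  {
  $strSleeping = '<a href="qtf_adm_users.php?cat=SM">[&raquo;]</a>';
  }else{
  $strSleeping = S;
  }

// Global statistics  (children and children without agreement)

  if ( $_SESSION[QT]['register_coppa']=='1' )
  {
    // children (all)
    $oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND children<>\'0\'');
    $row = $oDB->Getrow();
    $intChild = $row['numuser'];

    if ( $intChild>0 )
    {
    $strChild = '<a href="qtf_adm_users.php?cat=CH">[&raquo;]</a>';
    }
    else
    {
    $strChild = S;
    }

    // children (without agreement only)
    $oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND children="2"');
    $row = $oDB->Getrow();
    $intSleepchild = $row['numuser'];

    if ( $intSleepchild>0 )
    {
    $strSleepChild = '<a href="qtf_adm_users.php?cat=SC">[&raquo;]</a>';
    }
    else
    {
    $strSleepChild = S;
    }
  }

echo '
<table class="hidden" cellspacing="0" summary="users">
<tr class="hidden">
<td class="hidden" style="width:500px;">
';
echo '
<table class="data_o" cellspacing="0" summary="users">
<tr class="data_o">
<td class="colgroup">',$L['Members'],'</td>
<td class="colgroup">&nbsp;</td>
<td class="colgroup"><b>',$intUsers,'</b></td>
<td class="colgroup"><a href="qtf_adm_users.php">[&raquo;]</a></td>
</tr>
';
echo '<tr class="data_o">
<td class="colct">',$L['Members_FM'],'</td>
<td class="colct"><span class="small">',$L['H_Members_FM'],'</span></td>
<td class="colct"><b>',$intFalse,'</b></td>
<td class="colct">',$strFalse,'</td>
</tr>
';
echo '<tr class="data_o">
<td class="colct">',$L['Members_SM'],'</td>
<td class="colct"><span class="small">',$L['H_Members_SM'],'</span></td>
<td class="colct"><b>',$intSleeping,'</b></td>
<td class="colct">',$strSleeping,'</td>
</tr>
';
if ( $_SESSION[QT]['register_coppa']=='1' )
{
echo '<tr class="data_o">
<td class="colct">',$L['Members_CH'],'</td>
<td class="colct"><span class="small">',$L['H_Members_CH'],'</span></td>
<td class="colct"><b>',$intChild,'</b></td>
<td class="colct">',$strChild,'</td>
</tr>
';
echo '<tr class="data_o">
<td class="colct">',$L['Members_SC'],'</td>
<td class="colct"><span class="small">',$L['H_Members_SC'],'</span></td>
<td class="colct"><b>',$intSleepchild,'</b></td>
<td class="colct">',$strSleepChild,'</td>
</tr>
';
}
echo '</table>
</td>
<td class="hidden">&nbsp;</td>
<td class="hidden" id="zone_topparticipants">
',$L['Top_participants'],'<br/>
<table class="hidden" cellspacing="0" summary="top participants">
';

  // Top 5 participants
  $strState = 'name, id, numpost FROM '.TABUSER.' WHERE id>0';
  $oDB->Query( LimitSQL($strState,'numpost DESC',0,5) );

  For ($i=0;$i<5;$i++)
  {
    $row = $oDB->Getrow();
    if ( !$row ) break;
    echo '<tr><td><a href="qtf_user.php?id=',$row['id'],'">',$row['name'],'</a></td><td style="text-align:right">',$row['numpost'],'</td></tr>';
  }

echo '
</table>
</td>
</tr>
</table>
';

// --------
// Category subform
// --------

if ( $strCateg!='all' )
{
  echo '<h1>',$L['Members_'.$strCateg],' (',$L['H_Members_'.$strCateg],')</h1>',N;
  if ( $strCateg!='CH' )
  {
  echo '<form method="post" action="qtf_adm_users.php">';
  $intCount = $intFalse;
  if ( $strCateg=='SM' ) $intCount = $intSleeping;
  if ( $strCateg=='SC' ) $intCount = $intSleepchild;
  echo $L['Delete'],' ',$intCount,' ',$L['Members_'.$strCateg],'&nbsp;&nbsp;<input type="hidden" name="cat" value="',$strCateg,'"/><input type="hidden" name="token" value="',$_SESSION['qtf_adm_users_token'],'"/><input type="submit" name="del" value="',$L['Delete'],' !"/></form>',N;
  }
}

// --------
// Button line and pager
// --------

if ( $strCateg=='all' ) $strGroups = HtmlLettres($strGroup,$L['All']);

// refine query
Switch ($strGroup)
{
  Case 'all': $strWhere = ' WHERE id>=0'; Break;
  Case '0':   $strWhere = ' WHERE '.FirstCharCase('name','a-z'); Break;
  Default:    $strWhere = ' WHERE '.FirstCharCase('name','u').'="'.$strGroup.'"'; Break;
}
// refine query by category
if ( $strCateg=='FM' ) $strWhere .= ' AND id>1 AND firstdate=lastdate'; //false members
if ( $strCateg=='SM' ) $strWhere .= ' AND id>1 AND lastdate<"'.DateAdd(date('Ymd His'),-1,'year').'"'; //sleeping members
if ( $strCateg=='CH' ) $strWhere .= ' AND id>1 AND children<>"0"'; //children
if ( $strCateg=='SC' ) $strWhere .= ' AND id>1 AND children="2"'; //sleeping children

// count query
$oDB->Query('SELECT count(id) as countid FROM '.TABUSER.$strWhere);
$row = $oDB->Getrow();
$intCount = $row['countid'];

// -- build pager --

$strPager = MakePager("qtf_adm_users.php?cat=$strCateg&group=$strGroup&order=$strOrder&dir=$strDirec",$intCount,$_SESSION[QT]['topics_per_page'],$intPage);
if ( !empty($strPager) ) { $strPager = $L['Page'].$strPager; } else { $strPager=S; }
if ( $intCount<$intUsers ) $strPager = '<span class="small">'.$intCount.' '.$L['Selected_from'].' '.$intUsers.' '.strtolower($L['Members']).'</span>'.($strPager==S ? '' : ' | '.$strPager);

// -- Display button line and pager --

if ( $intCount>$_SESSION[QT]['topics_per_page'] || $strGroup!='all' ) echo '<br/><table class="button" cellspacing="0"><tr>',N,$strGroups,N,'</tr></table>',N;
echo '<table class="hidden" cellspacing="0" summary="pages"><tr><td id="pager_zt">',$strPager,'</td></tr></table>',N;

// end if no result
if ( $intCount==0 )
{
  echo $L['None'];
  include('qtf_adm_p_footer.php');
  exit;
}

// --------
// Memberlist
// --------

if ( $intCount!=0 )
{

  $img['NO']='';
  $img['ASC']= ' <img class="ico i_sort" src="admin/sort_asc.gif" alt="+"/>';
  $img['DESC']= ' <img class="ico i_sort" src="admin/sort_desc.gif" alt="-"/>';
  $sort['ASC']= 'DESC';
  $sort['DESC']= 'ASC';

  echo '<table class="data_t" cellspacing="0" summary="users">',N;
  echo '<tr class="data_t">',N;
  if ( $intCount>2 )
  {
    // sortable headers: clicking a column link flips the direction ($sort) and shows the sort icon on the active column
    echo '<td class="colhd" style="width:40px"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=id&amp;dir=' , $sort[$strDirec] , '">Id</a>' , ($strOrder=='id' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=name&amp;dir=' , $sort[$strDirec] , '">' , $L['Member'] , '</a>' , ($strOrder=='name' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=closed&amp;dir=' , $sort[$strDirec] , '">' , $L['Ban'] , '</a>' , ($strOrder=='closed' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=role&amp;dir=' , $sort[$strDirec] , '">' , $L['Role'] , '</a>' , ($strOrder=='role' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    echo '<td class="colhd">',$L['Action'],'</td>',N;
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=numpost&amp;dir=' , $sort[$strDirec] , '">' , $L['Messages'] , '</a>' , ($strOrder=='numpost' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    if ( $strCateg=='FM' || $strCateg=='SC' )
    {
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=firstdate&amp;dir=' , $sort[$strDirec] , '">' , $L['Joined'] , '</a>' , ($strOrder=='firstdate' ? $img[$strDirec] : $img['NO']) , '</td>',N;
    }
    else
    {
    echo '<td class="colhd"><a href="qtf_adm_users.php?cat=',$strCateg,'&amp;group=',$strGroup,'&amp;page=1&amp;order=lastdate&amp;dir=' , $sort[$strDirec] , '">' , $L['Last_message'] , '</a>' , ($strOrder=='lastdate' ? $img[$strDirec] : $img['NO']) , ' (ip)</td>',N;
    }
  }
  else
  {
    echo '<td class="colhd" style="width:40px">Id</td>',N;
    echo '<td class="colhd">',$L['Member'],'</td>',N;
    echo '<td class="colhd">',$L['Ban'],'</td>',N;
    echo '<td class="colhd">',$L['Role'],'</td>',N;
    echo '<td class="colhd">',$L['Action'],'</td>',N;
    echo '<td class="colhd">',$L['Messages'],'</td>',N;
    if ( $strCateg=='FM' || $strCateg=='SC' )
    {
    echo '<td class="colhd">',$L['Joined'],'</td>',N;
    }
    else
    {
    echo '<td class="colhd">',$L['Last_message'],' (ip)</td>',N;
    }
  }
  echo '</tr>',N;

  //-- LIMIT QUERY --
  $strState = 'id,name,closed,role,numpost,firstdate,lastdate,ip FROM '.TABUSER.$strWhere;
  $oDB->Query( LimitSQL($strState,$strOrder.' '.$strDirec,$intLimit,$_SESSION[QT]['topics_per_page'],$intCount) );
  // --------

  For ($i=0;$i<$_SESSION[QT]['topics_per_page'];$i++)
  {
    $row = $oDB->Getrow();
    if ( !$row ) break;

    // closed 1..4 is displayed as the ban duration label 1/10/20/30, anything else as "no"
    $strBan = $L['N'];
    if ( $row['closed']=='1' ) $strBan = '1';
    if ( $row['closed']=='2' ) $strBan = '10';
    if ( $row['closed']=='3' ) $strBan = '20';
    if ( $row['closed']=='4' ) $strBan = '30';
    echo '<tr class="data_t rowlight">',N;
    echo '<td class="colct"><span class="small">',$row['id'].'</span></td>',N;
    echo '<td class="colct"><a href="qtf_user.php?id=',$row['id'],'">',$row['name'],'</a></td>',N;
    echo '<td class="colct"><span class="small',($strBan==$L['N'] ? ' disabled' : ''),'">',$strBan,'</span></td>',N;
    echo '<td class="colct"><span class="small">',$L['Userrole'][$row['role']],'</span></td>',N;
    echo '<td class="colct">',($row['id']>1 ? '<a class="small" href="qtf_change.php?a=user_ban&amp;p='.$row['id'].'&amp;v=adm">'.$L['Banish'].'</a> &middot; <a class="small" href="qtf_change.php?a=user_del&amp;p='.$row['id'].'&amp;v=adm">'.$L['Delete'].'</a>' : S),'</td>',N;
    echo '<td class="colct">',$row['numpost'],'</td>',N;
    echo '<td class="colct">';
    if ( $strCateg=='FM' || $strCateg=='SC' )
    {
      echo '<span class="small">',QTdatestr($row['firstdate'],'$','$',true);
    }
    else
    {
      if ( $row['numpost']>0 )
      {
      echo '<span class="small">',QTdatestr($row['lastdate'],'$','$',true),' (',$row['ip'],')';
      }
      else
      {
      echo '<span class="disabled">',$L['None'];
      }
    }
    echo '</span></td>',N,'</tr>',N;
  }
  echo '</table>',N;

}
else
{
  echo $L['None'];
}

// -- Display pager --

echo '<table class="hidden" cellspacing="0" summary="pages"><tr class="hidden"><td id="pager_zb">',$strPager,'</td></tr></table>',N,N;

// FORM

// submitted values are echoed back into the inputs after an error, hence the attribute escaping
echo '
<h2>',$L['Member_add'],'</h2>
<form method="post" action="',$oVIP->selfurl,'" onsubmit="return ValidateForm(this);">
<input type="hidden" name="token" value="',$_SESSION['qtf_adm_users_token'],'"/>
<table class="data_t" cellspacing="0" summary="add user">
<tr class="data_t">
<td class="colhd">',$L['Role'],'</td>
<td class="colhd">',$L['Username'],'</td>
<td class="colhd">',$L['Password'],'</td>
<td class="colhd">',$L['Email'],'</td>
</tr>
<tr class="data_t">
<td class="colct"><select name="role" size="1">
<option value="A">',$L['Userrole']['A'],'</option>
<option value="M">',$L['Userrole']['M'],'</option>
<option value="U"',QSEL,'>',$L['Userrole']['U'],'</option>
</select></td>
<td class="colct"><input id="title" name="title" type="text" size="20" maxlength="24" value="',(isset($_POST['title']) && is_string($_POST['title']) ? htmlspecialchars($_POST['title'],ENT_QUOTES) : ''),'" onfocus="document.getElementById(\'title_err\').innerHTML=\'\';"/></td>
<td class="colct"><input id="pass" name="pass" type="text" size="20" maxlength="24"  value="',(isset($_POST['pass']) && is_string($_POST['pass']) ? htmlspecialchars($_POST['pass'],ENT_QUOTES) : ''),'"/></td>
<td class="colct"><input id="mail" name="mail" type="text" size="30" maxlength="64"  value="',(isset($_POST['mail']) && is_string($_POST['mail']) ? htmlspecialchars($_POST['mail'],ENT_QUOTES) : ''),'"/></td>
</tr>
<tr class="data_t">
<td colspan="4" class="colgroup" style="text-align:right"><span id="title_err" class="error"></span> <input id="notify" name="notify" type="checkbox"/><label for="notify">'.$L['Send'].' '.strtolower($L['Email']).'</label>&nbsp; <input id="add" name="add" type="submit" value="',$L['Add'],'"/></td>
</tr>
</table>
</form>
';
if ( !empty($error) ) echo '<span class="error">',$error,'</span>',N,N;
echo '<p><a href="qtf_adm_users_imp.php">',$L['Users_import_csv'],'</a></p>';

// HTML END

include('qtf_adm_p_footer.php');

?>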