<?php

/**
* PHP versions 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTicket
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5 build:20101222
*/

// Bootstrap: session first, then the framework init that defines $oVIP/$oDB/$L helpers.
session_start();
require_once 'bin/qti_init.php';

// Admin-only page: any role other than 'A' is stopped here with error 13.
if ($oVIP->role != 'A') {
    die(Error(13));
}

// Translations and the SQL helper functions used below.
include Translate('qti_adm.php');
include Translate('qti_reg.php');
include 'bin/qti_fn_sql.php';

// INITIALISE

$strGroups = '';

// Labels/links consumed by the shared admin header and footer.
$oVIP->selfurl  = 'qti_adm_users.php';
$oVIP->selfname = '<span class="upper">' . $L['Adm_content'] . '</span><br />' . $L['Members'];
$oVIP->exiturl  = 'qti_adm_users.php';
$oVIP->exitname = '&laquo; ' . $L['Members'];

// --------
// SUBMITTED
// --------

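// Bulk delete of one whole member category, posted by the category subform below.
// NOTE(review): the form carries only "cat" and "del" — no per-session token is visible
// on this page, so a forged cross-site POST by a logged-in admin would be honoured.
// id>1 keeps the two lowest ids (presumably the built-in accounts) out of every delete.
if ( isset($_POST['del']) )
{
  // read the category once; a missing field used to raise an undefined-index notice
  $strDelCat = isset($_POST['cat']) ? $_POST['cat'] : '';
  switch ($strDelCat)
  {
    case 'FM': // members who never posted (firstdate still equals lastdate)
      $oDB->Query('DELETE FROM '.TABUSER.' WHERE firstdate=lastdate AND id>1');
      break;
    case 'SM': // members without activity for one year
      $oDB->Query( 'DELETE FROM '.TABUSER.' WHERE '.SqlDateCondition(DateAdd(date('Ymd'),-1,'year'),'lastdate',8,'<').' AND id>1' );
      break;
    case 'SC': // children still without parental agreement (children="2")
      $oDB->Query('DELETE FROM '.TABUSER.' WHERE children="2" AND id>1');
      break;
    // any other value deletes nothing and only redirects back to the list
  }
  echo '&laquo; <a href="qti_adm_users.php">',$L['Members'],'</a>',N;
  echo '<meta http-equiv="REFRESH" content="3;url=qti_adm_users.php">',N;
  exit;
}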

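// Create a new member from the "Member_add" form at the bottom of this page.
// The checks run in sequence while $error is still empty; the first failure sets
// $error, nothing is saved, and the form is redisplayed with the message.
if ( isset($_POST['add']) )
{
  // get_magic_quotes_gpc() no longer exists in PHP 8 (and is always false from 5.4);
  // only unescape when the function is there and reports magic quotes as enabled.
  $blnMagic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  // check: username
  if ( empty($error) )
  {
    $str = isset($_POST['title']) ? $_POST['title'] : '';
    if ( $blnMagic ) $str = stripslashes($str);
    $str = QTconv($str,'U');
    if ( !QTislogin($str) ) $error = $L['Username'].' '.$L['E_invalid'];
    $strTitle = $str;
  }
  // check: username not already taken
  if ( empty($error) )
  {
    // NOTE(review): $strTitle is spliced into the SQL literal as-is; this relies on
    // QTislogin() rejecting quote/backslash characters — confirm in the helper library.
    $oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE name="'.$strTitle.'"');
    $row = $oDB->Getrow();
    if ( $row['countid']!=0 ) $error = $L['Username'].' '.$L['E_already_used'];
  }
  // check: password
  if ( empty($error) )
  {
    $str = isset($_POST['pass']) ? $_POST['pass'] : '';
    if ( $blnMagic ) $str = stripslashes($str);
    $str = QTconv($str,'U');
    if ( !QTispassword($str) ) $error = $L['Password'].' '.$L['E_invalid'];
    $strNewpwd = $str;
  }
  // check: email
  if ( empty($error) )
  {
    $str = isset($_POST['mail']) ? trim($_POST['mail']) : '';
    if ( $blnMagic ) $str = stripslashes($str);
    if ( !QTismail($str) ) $error = $L['Email'].' '.$L['E_invalid'];
    $strMail = $str;
  }
  // check: role must be one of the values the form offers (A, M, U);
  // previously $_POST['role'] went straight into the INSERT statement.
  if ( empty($error) )
  {
    $strRole = isset($_POST['role']) ? $_POST['role'] : '';
    if ( !in_array($strRole,array('A','M','U'),true) ) $error = $L['Role'].' '.$L['E_invalid'];
  }
  // save
  if ( empty($error) )
  {
    include('bin/qt_lib_smtp.php');
    $id = $oDB->Nextid(TABUSER);
    // One timestamp for both dates: the "members without post" statistic relies on
    // firstdate=lastdate, which two separate Date() calls could break across a second.
    $strNow = Date('Ymd His');
    // NOTE(review): pwd is an unsalted sha1(); the login check presumably compares the
    // same digest, so a stronger hash has to be introduced on both sides together.
    $strQ = 'INSERT INTO '.TABUSER.' (id,name,pwd,closed,role,mail,privacy,firstdate,lastdate,numpost,children,parentmail,photo) VALUES ('.$id.',"'.$strTitle.'","'.sha1($strNewpwd).'","0","'.$strRole.'","'.$strMail.'","1","'.$strNow.'","'.$strNow.'",0,"0","","0")';
    $oDB->Query($strQ);

    // Unregister global sys (will be recomputed on next page)
    unset($_SESSION[QT]['sys_states']);

    // send email
    if ( isset($_POST['notify']) )
    {
      $strSubject = $_SESSION[QT]['site_name'].' - Welcome';
      // N is the separator already used before "Login:"; the old single-quoted '\n'
      // between the two lines was sent literally as a backslash and an n.
      $strMessage = 'Please find here after your login and password to access the board '.$_SESSION[QT]['site_name'].N.'Login: %s'.N.'Password: %s';
      // a language-specific template may override $strSubject / $strMessage
      $strFile = GetLang().'mail_registred.php';
      if ( file_exists($strFile) ) include($strFile);
      // NOTE(review): the clear-text password is part of this e-mail.
      $strMessage = sprintf($strMessage,$strTitle,$strNewpwd);
      QTmail($strMail,QTconv($strSubject,'-4'),QTconv($strMessage,'-4'),QTI_HTML_CHAR);
    }

    // exit
    $oVIP->selfname = $L['Members'];
    $oVIP->EndMessage(NULL,'<h2>'.$L['Register_completed'].'</h2>','admin',2,'350px');
  }
}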

// INITIALISE

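// List parameters: defaults first, then overridden from the query string.
$strGroup = 'all';
$intLimit = 0;
$intPage  = 1;
$strOrder = 'id';
$strDirec = 'ASC';
$strInver = 'DESC';
$strCateg = 'all';

// security check 1 (read the request values)
if ( isset($_GET['group']) ) $strGroup = strip_tags($_GET['group']);
if ( isset($_GET['order']) ) $strOrder = strip_tags($_GET['order']);
if ( isset($_GET['dir']) )   $strDirec = strip_tags($_GET['dir']);
if ( isset($_GET['page']) )  $intPage  = intval(strip_tags($_GET['page']));
if ( isset($_GET['cat']) )   $strCateg = strip_tags($_GET['cat']);

// security check 2 (no long argument)
if ( strlen($strGroup)>4 )  die('Invalid argument #group');
if ( strlen($strOrder)>20 ) die('Invalid argument #order');
if ( strlen($strDirec)>4 )  die('Invalid argument #dir');
if ( strlen($strCateg)>4 )  die('Invalid argument #cat');

// security check 3 (known values only): these strings are later spliced into SQL
// (ORDER BY, the quoted name-group condition) and into HTML attributes, so
// strip_tags plus a length cap is not enough — restrict each one to the set of
// values this page itself emits in its links and forms.
// group: 'all', '0' (names not starting with a letter) or a letter/digit group
if ( !preg_match('/^[\p{L}\p{N}]{1,4}$/u',$strGroup) ) die('Invalid argument #group');
// order: the sortable columns of the member list
if ( !in_array($strOrder,array('id','name','closed','role','numpost','firstdate','lastdate'),true) ) die('Invalid argument #order');
if ( $strDirec!='ASC' && $strDirec!='DESC' ) die('Invalid argument #dir');
if ( !in_array($strCateg,array('all','FM','SM','CH','SC'),true) ) die('Invalid argument #cat');
// a page below 1 would turn the LIMIT offset negative
if ( $intPage<1 ) $intPage = 1;

$intLimit = ($intPage-1)*$_SESSION[QT]['topics_per_page'];
if ( $strDirec=='DESC' ) $strInver = 'ASC';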

// --------
// HTML START
// --------

// Inline JavaScript for the add-member form: a required-field check run from the
// form's onsubmit, and an on-blur POST to qti_j_exists.php that reports a username
// already in use into the #title_err span.
// NOTE(review): the $L[...] translations are spliced into JS string literals without
// escaping; a translation containing a double quote or backslash would break the
// script (translations are not user-controlled, so this is a robustness point).
$strHeadScript = '
<script type="text/javascript" src="bin/qt_jquery.js"></script>
<script type="text/javascript">
<!--
function ValidateForm(theForm)
{
  if (theForm.title.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Username'].'")); return false; }
  if (theForm.pass.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Password'].'")); return false; }
  if (theForm.mail.value.length==0) { alert(qtHtmldecode("'.$L['Missing'].': '.$L['Email'].'")); return false; }
  return null;
}
$(function() {
  $("#title").blur(function() {
    $.post("qti_j_exists.php",
      {f:"name",v:$("#title").val(),e1:"'.$L['E_min_4_char'].'",e2:"'.$L['E_already_used'].'"},
      function(data) { if ( data.length>0 ) document.getElementById("title_err").innerHTML=data; });
  });
});
-->
</script>
';

include 'qti_adm_p_header.php';

// Global statistics: the member counts shown in the summary table further down.
// Each "[»]" link opens the member list filtered on that category (cat=...).
// id>1 leaves the two lowest ids out of every category count.

// all members
$oDB->Query('SELECT count(id) as countid FROM '.TABUSER);
$row = $oDB->Getrow();
$intUsers = $row['countid'];

// members without post (firstdate still equals lastdate)
$oDB->Query('SELECT count(id) as countid FROM '.TABUSER.' WHERE id>1 AND firstdate=lastdate');
$row = $oDB->Getrow();
$intFalse = $row['countid'];
$strFalse = ($intFalse>0) ? '<a href="qti_adm_users.php?cat=FM">[&raquo;]</a>' : S;

// members sleeping for one year (lastdate older than one year ago)
$oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND lastdate<"'.DateAdd(date('Ymd His'),-1,'year').'"');
$row = $oDB->Getrow();
$intSleeping = $row['numuser'];
$strSleeping = ($intSleeping>0) ? '<a href="qti_adm_users.php?cat=SM">[&raquo;]</a>' : S;

// children counts only exist when COPPA handling is switched on
if ( QTI_USE_COPPA )
{
  // children (all)
  $oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND children<>"0"');
  $row = $oDB->Getrow();
  $intChild = $row['numuser'];
  $strChild = ($intChild>0) ? '<a href="qti_adm_users.php?cat=CH">[&raquo;]</a>' : S;

  // children without agreement only (children="2")
  $oDB->Query('SELECT count(id) as numuser FROM '.TABUSER.' WHERE id>1 AND children="2"');
  $row = $oDB->Getrow();
  $intSleepchild = $row['numuser'];
  $strSleepChild = ($intSleepchild>0) ? '<a href="qti_adm_users.php?cat=SC">[&raquo;]</a>' : S;
}

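// Summary block: member statistics on the left, the top-5 posters on the right.
echo '<table class="hidden" cellspacing="0">',N;
echo '<tr class="hidden">',N;
echo '<td class="hidden" style="width:500px;">',N;
echo '<table class="data_o" cellspacing="0">',N;
echo '<tr class="data_o">',N;
echo '<td class="colgroup">',$L['Members'],'</td>',N;
echo '<td class="colgroup">&nbsp;</td>',N;
echo '<td class="colgroup"><b>',$intUsers,'</b></td>',N;
echo '<td class="colgroup"><a href="qti_adm_users.php">[&raquo;]</a></td>',N;
echo '</tr>',N;

// one row per category: label, help text, count, optional "[»]" filter link
$aStats = array(
  array($L['Members_FM'], $L['H_Members_FM'], $intFalse,    $strFalse),
  array($L['Members_SM'], $L['H_Members_SM'], $intSleeping, $strSleeping),
);
if ( QTI_USE_COPPA )
{
  $aStats[] = array($L['Members_CH'], $L['H_Members_CH'], $intChild,      $strChild);
  $aStats[] = array($L['Members_SC'], $L['H_Members_SC'], $intSleepchild, $strSleepChild);
}
foreach ($aStats as $aStat)
{
  list($strLabel,$strHelp,$intNum,$strLink) = $aStat;
  echo '<tr class="data_o">',N;
  echo '<td class="colct">',$strLabel,'</td>',N;
  echo '<td class="colct"><span class="small">',$strHelp,'</span></td>',N;
  echo '<td class="colct"><b>',$intNum,'</b></td>',N;
  echo '<td class="colct">',$strLink,'</td>',N;
  echo '</tr>',N;
}
echo '</table>',N;
echo '</td>',N;
echo '<td class="hidden">&nbsp;</td>',N;
echo '<td class="hidden" id="topparticipants">',N;
echo $L['Top_participants'],'<br />',N;
echo '<table class="hidden" cellspacing="0">',N;

// Top 5 participants (LimitSQL caps the result at 5 rows; the loop bound is a safety net)
$strState = 'name, id, numpost FROM '.TABUSER.' WHERE id>0';
$strQ = LimitSQL($strState,'numpost DESC',0,5);
$oDB->Query($strQ);

// NOTE(review): name is printed as stored; if the registration path does not already
// HTML-encode it (QTconv/QTislogin — confirm), escape it here.
for ($i=0; $i<5; $i++)
{
  $row = $oDB->Getrow();
  if ( !$row ) break;
  // the post-count cell used to be closed with "<td>" instead of "</td>", leaving an
  // open cell in every row
  echo '<tr class="hidden"><td class="hidden"><a href="qti_user.php?id=',$row['id'],'">',$row['name'],'</a></td><td class="hidden" style="text-align:right">',$row['numpost'],'</td></tr>',N;
}

echo '</table>
</td>
</tr>
</table>',N,N;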

// --------
// Category subform
// --------
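// Category subform: when a category filter is active, show its heading and —
// except for CH, which is informational only — a one-click "delete all" form
// that posts "cat" and "del" back to this page.
if ( $strCateg!='all' )
{
  // $strCateg is request-derived: look the labels up defensively and escape it
  // when it goes back out inside an HTML attribute.
  $strLabel = isset($L['Members_'.$strCateg]) ? $L['Members_'.$strCateg] : '';
  $strHelp  = isset($L['H_Members_'.$strCateg]) ? $L['H_Members_'.$strCateg] : '';
  echo '<h1>',$strLabel,' (',$strHelp,')</h1>',N;
  if ( $strCateg!='CH' )
  {
    switch ($strCateg)
    {
      case 'SM': $intCount = $intSleeping; break;
      case 'SC': $intCount = $intSleepchild; break;
      default:   $intCount = $intFalse; break;
    }
    echo '<form method="post" action="qti_adm_users.php">';
    echo $L['Delete'],' ',$intCount,' ',$strLabel,'&nbsp;&nbsp;<input type="hidden" name="cat" value="',htmlspecialchars($strCateg,ENT_QUOTES),'" /><input type="submit" name="del" value="',$L['Delete'],' !" /></form>',N;
  }
}

// refine query (name group)
switch ($strGroup)
{
  case 'all': $strWhere = ' WHERE id>=0'; break;
  case '0':   $strWhere = ' WHERE '.FirstCharCase('name','a-z'); break;
  default:
    // $strGroup comes from the query string and is spliced into a quoted SQL
    // literal: accept letters/digits only, nothing that could close the quote.
    if ( !preg_match('/^[\p{L}\p{N}]{1,4}$/u',$strGroup) ) die('Invalid argument #group');
    $strWhere = ' WHERE '.FirstCharCase('name','u').'="'.$strGroup.'"';
    break;
}

// refine query by category
if ( $strCateg=='FM' ) $strWhere .= ' AND id>1 AND firstdate=lastdate'; //false members
if ( $strCateg=='SM' ) $strWhere .= ' AND id>1 AND lastdate<"'.DateAdd(date('Ymd His'),-1,'year').'"'; //sleeping members
if ( $strCateg=='CH' ) $strWhere .= ' AND id>1 AND children<>"0"'; //children
if ( $strCateg=='SC' ) $strWhere .= ' AND id>1 AND children="2"'; //sleeping children

// count query (drives the pager and the empty-list message)
$oDB->Query('SELECT count(id) as countid FROM '.TABUSER.$strWhere);
$row = $oDB->Getrow();
$intCount = $row['countid'];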

// --------
// Button line and pager
// --------

// Letter buttons are only offered when no category filter is active.
if ( $strCateg=='all' ) $strGroups = HtmlLettres($strGroup,$L['All']);

// -- build pager --

$strPagerUrl = "qti_adm_users.php?cat=$strCateg&group=$strGroup&order=$strOrder&dir=$strDirec";
$strPager = MakePager($strPagerUrl,$intCount,$_SESSION[QT]['topics_per_page'],$intPage);
$strPager = empty($strPager) ? S : $L['Page'].$strPager;
// when a filter narrows the list, prefix the pager with "x selected from y members"
if ( $intCount<$intUsers )
{
  $strSelected = '<span class="small">'.$intCount.' '.$L['Selected_from'].' '.$intUsers.' '.strtolower($L['Members']).'</span>';
  $strPager = $strSelected.($strPager==S ? '' : ' | '.$strPager);
}

// -- Display button line and pager --

if ( $intCount>$_SESSION[QT]['topics_per_page'] || $strGroup!='all' )
{
  echo '<br /><table class="button" cellspacing="0">',N,'<tr>',N,$strGroups,'</tr>',N,'</table>',N,N;
}
echo '<table class="hidden" cellspacing="0" ><tr class="hidden"><td id="pager_zt">&nbsp;',$strPager,'</td></tr></table>
';

// --------
// Memberlist
// --------

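// Member list: sortable header (only when more than 2 rows), then one row per
// member of the current page.
if ( $intCount!=0 )
{
  // ORDER BY is built from request-derived $strOrder/$strDirec: accept only the
  // columns this list selects and a plain ASC/DESC before they reach the query.
  $aSortable = array('id','name','closed','role','numpost','firstdate','lastdate');
  if ( !in_array($strOrder,$aSortable,true) ) die('Invalid argument #order');
  if ( $strDirec!='ASC' && $strDirec!='DESC' ) die('Invalid argument #dir');

  // the other two request values only go back out in links: escape them there
  $strCategHtml = htmlspecialchars($strCateg,ENT_QUOTES);
  $strGroupHtml = htmlspecialchars($strGroup,ENT_QUOTES);

  $img['NO']   = '';
  $img['ASC']  = ' <img class="ico_sort" src="admin/sort_asc.gif" alt="+" />';
  $img['DESC'] = ' <img class="ico_sort" src="admin/sort_desc.gif" alt="-" />';
  $sort['ASC']  = 'DESC';
  $sort['DESC'] = 'ASC';

  // the date column shows the join date for FM/SC, the last activity otherwise
  $blnJoined = ($strCateg=='FM' || $strCateg=='SC');

  // header columns: sort column ('' = not sortable), label, td style attribute, suffix
  $aCols = array(
    array('id',      'Id',           ' style="width:40px;"',     ''),
    array('name',    $L['Member'],   ' style="text-align:left"', ''),
    array('closed',  $L['Ban'],      '',                         ''),
    array('role',    $L['Role'],     '',                         ''),
    array('',        $L['Action'],   '',                         ''),
    array('numpost', $L['Messages'], '',                         ''),
  );
  if ( $blnJoined ) $aCols[] = array('firstdate', $L['Joined'], '', '');
  else              $aCols[] = array('lastdate', $L['Last_message'], ' style="text-align:left"', ' (ip)');

  $strUrl = 'qti_adm_users.php?cat='.$strCategHtml.'&amp;group='.$strGroupHtml.'&amp;page=1&amp;order=';

  echo '<table class="data_t" cellspacing="0">',N;
  echo '<tr class="data_t">',N;
  foreach ($aCols as $aCol)
  {
    list($strCol,$strLabel,$strStyle,$strSuffix) = $aCol;
    echo '<td class="colhd"',$strStyle,'>';
    if ( $intCount>2 && $strCol!='' )
    {
      // sortable header: the link flips the direction, the icon marks the current sort
      echo '<a href="',$strUrl,$strCol,'&amp;dir=',$sort[$strDirec],'">',$strLabel,'</a>',($strOrder==$strCol ? $img[$strDirec] : $img['NO']);
    }
    else
    {
      echo $strLabel;
    }
    echo $strSuffix,'</td>',N;
  }
  echo '</tr>',N;

  //-- LIMIT QUERY --
  $strState = 'id,name,closed,role,numpost,firstdate,lastdate,ip FROM '.TABUSER.$strWhere;
  $strQ = LimitSQL($strState,$strOrder.' '.$strDirec,$intLimit,$_SESSION[QT]['topics_per_page'],$intCount);
  $oDB->Query($strQ);
  // --------

  // NOTE(review): name and ip are printed as stored; if the registration path does not
  // already HTML-encode them (QTconv — confirm), escape them here. The ban/delete
  // actions are plain GET links to qti_change.php; whether that script requires a
  // token is not visible from this page.
  for ($i=0; $i<$_SESSION[QT]['topics_per_page']; $i++)
  {
    $row = $oDB->Getrow();
    if ( !$row ) break;

    // closed 1..4 are displayed as ban lengths; anything else as "no"
    switch ($row['closed'])
    {
    case '1': $strBan = '<b>1</b>'; break;
    case '2': $strBan = '<b>10</b>'; break;
    case '3': $strBan = '<b>20</b>'; break;
    case '4': $strBan = '<b>30</b>'; break;
    default: $strBan = $L['N']; break;
    }
    // unknown role values used to raise an undefined index; show the raw code instead
    $strRole = isset($L['Userrole'][$row['role']]) ? $L['Userrole'][$row['role']] : htmlspecialchars($row['role'],ENT_QUOTES);
    // the two lowest ids cannot be banned or deleted from this list
    if ( $row['id']>1 )
    {
      $strAction = '<a class="small" href="qti_change.php?a=user_ban&amp;s='.$row['id'].'&amp;v=adm">'.$L['Banish'].'</a> &middot; <a class="small" href="qti_change.php?a=user_del&amp;s='.$row['id'].'&amp;v=adm">'.$L['Delete'].'</a>';
    }
    else
    {
      $strAction = '&nbsp;';
    }
    // date cell: the opening <span> differs per branch, it is closed once below
    if ( $blnJoined )
    {
      $strDate = '<span class="small">'.QTdatestr($row['firstdate'],'Y-m-d','');
    }
    elseif ( $row['numpost']>0 )
    {
      $strDate = '<span class="small">'.QTdatestr($row['lastdate'],'Y-m-d','').' ('.$row['ip'].')';
    }
    else
    {
      $strDate = '<span class="disabled">'.$L['None'];
    }

    echo '<tr class="data_t rowlight">',N;
    echo '<td class="colct"><span class="small">',$row['id'],'</span></td>',N;
    echo '<td class="colct"><a href="qti_user.php?id=',$row['id'],'">',$row['name'],'</a></td>',N;
    echo '<td class="colct"><span class="small">',$strBan,'</span></td>',N;
    echo '<td class="colct"><span class="small">',$strRole,'</span></td>',N;
    echo '<td class="colct">',$strAction,'</td>',N;
    echo '<td class="colct">',$row['numpost'],'</td>',N;
    echo '<td class="colct">',$strDate,'</span></td>',N,'</tr>',N;
  }
  echo '</table>',N;

}
else
{
  echo $L['None'];
}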

// -- Display pager --

// Bottom pager: same string as the one printed above the list, in its own table.
$strPagerBottom = '<table class="hidden" cellspacing="0"><tr><td id="pager_zb">&nbsp;'.$strPager.'</td></tr></table>
';
echo $strPagerBottom;

// FORM

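// FORM: add a member. After a failed submission the typed values are echoed back
// so the admin can correct them; they are request-derived, so they are escaped for
// the value="" attributes (they used to be printed raw) and ignored when not a string.
$strTitleVal = (isset($_POST['title']) && is_string($_POST['title'])) ? htmlspecialchars($_POST['title'],ENT_QUOTES) : '';
$strPassVal  = (isset($_POST['pass'])  && is_string($_POST['pass']))  ? htmlspecialchars($_POST['pass'],ENT_QUOTES)  : '';
$strMailVal  = (isset($_POST['mail'])  && is_string($_POST['mail']))  ? htmlspecialchars($_POST['mail'],ENT_QUOTES)  : '';

// The password field is a visible type="text" input: the admin chooses it and the
// (optional) welcome e-mail sends it in clear; it is also echoed back on error.
echo '
<h2>',$L['Member_add'],'</h2>
<form method="post" action="',$oVIP->selfurl,'" onsubmit="return ValidateForm(this);">
<table class="data_o" cellspacing="0">
<tr class="data_o">
<td class="colhd" style="text-align:left">',$L['Role'],'</td>
<td class="colhd" style="text-align:left">',$L['Username'],'</td>
<td class="colhd" style="text-align:left">',$L['Password'],'</td>
<td class="colhd" style="text-align:left">',$L['Email'],'</td>
</tr>
<tr class="data_o">
<td class="colct"><select name="role" size="1">
<option value="A">',$L['Userrole']['A'],'</option>
<option value="M">',$L['Userrole']['M'],'</option>
<option value="U"',QSEL,'>',$L['Userrole']['U'],'</option>
</select></td>
<td class="colct"><input id="title" name="title" type="text" size="20" maxlength="24" value="',$strTitleVal,'" onfocus="document.getElementById(\'title_err\').innerHTML=\'\';" /></td>
<td class="colct"><input id="pass" name="pass" type="text" size="20" maxlength="24"  value="',$strPassVal,'" /></td>
<td class="colct"><input id="mail" name="mail" type="text" size="30" maxlength="64"  value="',$strMailVal,'" /></td>
</tr>
<tr class="data_o">
<td colspan="4" class="colgroup" style="text-align:right"><span id="title_err" class="error"></span> <input id="notify" name="notify" type="checkbox" /><label for="notify">',$L['Send'],' ',strtolower($L['Email']),'</label>&nbsp; <input id="add" name="add" type="submit" value="',$L['Add'],'" /></td>
</tr>
</table>
</form>',( !empty($error) ? '<p class="error">'.$error.'</p>' : ''),'
<p><a href="qti_adm_users_imp.php">',$L['Users_import_csv'],'</a></p>';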

// HTML END

// Shared admin footer (counterpart of qti_adm_p_header.php included above).
include 'qti_adm_p_footer.php';

?>