<?php

/*******************************************************************

 Name		: raSMP 2.0
 Copyright	: 2002, Adam Alkins
 Website	: http://www.rasmp.com
 email		: hide@address.com

 $Id: account.php,v 1.37 2003/03/27 03:47:09 rasadam Exp $: 

*******************************************************************/

/*******************************************************************

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the 
Free Software Foundation Inc., 59 Temple Place, Suite 330,
Boston, MA  02111-1307  USA

*******************************************************************/

/*

(Admin) Account Management

*/

// Constants set before the shared code is loaded; the included files are
// outside this listing, so how they use these values cannot be seen here.
// NOTE(review): presumably RASMP / RASMP_ADMIN act as "loaded through an entry
// script" guards inside the includes - confirm.
define('RASMP',true);
define('RASMP_ADMIN',true);
// Relative path from this admin directory back to the script root
define('SCRIPT_PATH','../');
// FILE_EXT is used on the next line, so it is expected to be defined by extension.inc
include SCRIPT_PATH.'common/extension.inc';
// Shared admin code; presumably the source of check_auth(), db_query(), attach_sid(),
// redirect_page() and clean() used below - confirm.
// NOTE(review): "include" only warns when the file is missing. The script would then
// stop at the first undefined helper call rather than at this line.
include SCRIPT_PATH.'common/admin_common.'.FILE_EXT;

// At file scope this statement has no effect unless this file is itself
// included from inside a function.
global $config;

/**
 * Start an admin page by calling display_header(), display_menu() and
 * display_body(), in that order.
 *
 * @param string $title Page title, handed unchanged to display_header().
 */
function do_header($title)
{
	display_header($title);
	display_menu();
	display_body();
}

/**
 * Print the Account Management sub-menu: Add | Delete | Index | Modify.
 *
 * Every link targets account.<FILE_EXT> with a "mode" query parameter and is
 * passed through attach_sid() before being echoed.
 * NOTE(review): attach_sid() is defined outside this file; presumably it appends
 * the session id to the URL - confirm. If it does, the id can surface in browser
 * history, proxy logs and Referer headers. Its return value is written into the
 * href attributes without HTML escaping.
 */
function display_menu()
{
?>

<table width="98%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td bgcolor="#0066CC">
      <div align="center"><a class="menulink" href="<?php echo attach_sid("account.".FILE_EXT."?mode=add"); ?>">Add</a> | <a class="menulink" href="<?php echo attach_sid("account.".FILE_EXT."?mode=delete"); ?>">Delete</a> | <a class="menulink" href="<?php echo attach_sid("account.".FILE_EXT."?mode=index"); ?>">Index</a> | <a class="menulink" href="<?php echo attach_sid("account.".FILE_EXT."?mode=modify"); ?>">Modify</a></div>
    </td>
  </tr>
</table>

<?php

}

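// Check authentication
// check_auth() is defined outside this file; every action below relies on it
// refusing callers who lack access to the 'account' module.
// NOTE(review): confirm that it halts the request on failure instead of only returning.
check_auth('account');

// Drop any pre-existing $mode before it is read from the query string.
unset($mode);
// A missing or non-string "mode" becomes '' and so reaches the switch's default (index) case.
$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? strtolower($_GET['mode']) : '';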
switch($mode)
{
	case 'add':
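		if(isset($_POST['doadd']))
		{
			// Handle a submitted "Add Account" form: validate the per-module permission
			// flags and the name / email / password fields, then insert the new row.
			// NOTE(review): every check below assumes redirect_page() ends the request;
			// it is defined outside this file, so confirm that it exits.
			// NOTE(review): no anti-CSRF token is checked in this handler; confirm whether
			// check_auth() or the session id added by attach_sid() covers that.

			$column_vars = '';
			$query_vars = '';
			$url_vars = '';
			// 0 = no permission problem, 1 = a permission is missing, 2 = a permission has a bad value.
			// Initialised so the comparisons after the loop never read an undefined variable.
			$error_flag = 0;

			// Copies used only to rebuild the form URL after a failure; absent or non-string input becomes ''
			$form_user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
			$form_user_email = (isset($_POST['user_email']) && is_string($_POST['user_email'])) ? $_POST['user_email'] : '';

			// get modules
			$query = "SELECT * FROM ".ADMIN_TABLE." ORDER BY module_file";
			$result = db_query($query, 'Could not select admin modules');

			while($module_data = db_fetchassoc($result))
			{
				// split to just first part of the filename
				$module = explode('.',$module_data['module_file']);
				// NOTE(review): this name is used as a column identifier in the INSERT below.
				// It comes from ADMIN_TABLE, not from the request; confirm who can write that table.
				$perm_key = 'perm_'.$module[0];

				if(!isset($_POST[$perm_key]))
				{
					// 1 is for a missing permission
					$error_flag = 1;
				}
				else if($_POST[$perm_key] !== '0' && $_POST[$perm_key] !== '1')
				{
					// 2 is for a wrongly set permission.
					// Exact string match on purpose: with loose != a value such as "1 anything"
					// compares equal to 1 on PHP versions before 8 and would then be copied
					// into the SQL text below.
					$error_flag = 2;
				}
				else
				{
					$perm_value = intval($_POST[$perm_key]);

					// attributes for the insert query
					$query_vars .= ", '".$perm_value."'";

					$column_vars .= ', '.$perm_key;

					// attributes to attach to the url
					$url_vars .= "&".$perm_key."=".$perm_value;
				}
			}

			$retry_url = "account.".FILE_EXT."?mode=add";
			$name_arg = "&user_name=".urlencode($form_user_name);
			$email_arg = "&user_email=".urlencode($form_user_email);

			if($error_flag == 1)
			{
				redirect_page('Missing Permission Setting(s)',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}
			else if($error_flag == 2)
			{
				redirect_page('Permission Setting(s) Incorrect',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if username, password or email aren't set (an array value counts as not set)
			if( !isset($_POST['user_name'], $_POST['user_password'], $_POST['user_email'])
				|| !is_string($_POST['user_name']) || !is_string($_POST['user_password']) || !is_string($_POST['user_email']) )
			{
				redirect_page('Missing field data',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if username is blank
			if( $_POST['user_name'] == '' )
			{
				redirect_page('Username Invalid',attach_sid($retry_url.$email_arg.$url_vars));
			}

			// NOTE(review): clean() is defined outside this file; this code relies on it to make
			// the value safe inside a quoted SQL string - confirm what it actually does.
			$user_name = clean($_POST['user_name']);
			// query to see if username is already there
			$query = "SELECT user_id FROM ".ACCOUNTS_TABLE." WHERE user_name = '".$user_name."'";
			if(db_numrows('',$query,'Could not select username from Accounts table')==1)
			{
				redirect_page('Username already exists',attach_sid($retry_url.$email_arg.$url_vars));
			}

			// if email address is invalid
			if( !validate_email($_POST['user_email']) )
			{
				// The add form has no user_id field, so the raw $_POST['user_id'] that used to be
				// appended to this URL is no longer sent.
				redirect_page('Email Address Invalid',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if password is blank
			if( $_POST['user_password'] == '' )
			{
				redirect_page('Password Cannot be Blank!',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// insert the record
			// NOTE(review): the password is stored as an unsalted MD5 digest. Moving to
			// password_hash()/password_verify() needs a matching change in the login code,
			// which is outside this file, so the stored format is left unchanged here.
			$query = "INSERT INTO ".ACCOUNTS_TABLE." (user_name, user_password, user_email".$column_vars.") VALUES('".clean($_POST['user_name'])."','".clean(md5($_POST['user_password']))."','".clean($_POST['user_email'])."'".$query_vars.")";
			db_query($query, 'Could not insert accounts record');

			redirect_page('Successfully Created Account',attach_sid("account.".FILE_EXT."?mode=index"));
		}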
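		else
		{
			// Show the "Add Account" form, pre-filled from the query string after a failed submit.
			// The prefill values are request data, so they are HTML-escaped before being written
			// into the value attributes.
			// NOTE(review): PHP already URL-decodes $_GET once; the extra urldecode() is kept from
			// the original because the redirect helpers are not visible here - confirm it is needed.
			$prefill_name = (isset($_GET['user_name']) && is_string($_GET['user_name'])) ? urldecode($_GET['user_name']) : '';
			$prefill_email = (isset($_GET['user_email']) && is_string($_GET['user_email'])) ? urldecode($_GET['user_email']) : '';

			do_header("Admin Panel >> Account Management >> Add");
?>
<form name="add" method="post" action="<?php echo attach_sid("account.".FILE_EXT."?mode=add"); ?>">
  <div align="center"><p>You can create a new Admin Account here and specify their permissions. Note: Giving users access to this module (Account Management) means they can delete you!</p>
    <p>Username: 
      <input type="textfield" name="user_name" value="<?php echo htmlspecialchars($prefill_name, ENT_QUOTES); ?>" />
    </p>
    <p>Password: 
      <input type="password" name="user_password" />
    </p>
    <p>Email Address: 
      <input type="textfield" name="user_email" value="<?php echo htmlspecialchars($prefill_email, ENT_QUOTES); ?>" />
    </p>
	<p>
<table width="50%" border="1" cellspacing="0" cellpadding="0" align="center" bordercolor="#A8B9FF">
  <tr> 
    <td bgcolor="0066CC"> 
      <div align="center"><b><font color="#FFFFFF" size="3">Module Name</font></b></div>
    </td>
    <td bgcolor="0066CC"> 
      <div align="center"><font size="3" color="#FFFFFF"><b>Permission</b></font></div>
    </td>
  </tr>
<?php
			// get modules list
			$query = "SELECT a.*, c.category_name, c.category_order FROM ".ADMIN_TABLE." as a, ".ADMIN_CATS_TABLE." as c WHERE a.admin_cat = c.category_id ORDER BY c.category_order ASC, module_name ASC";
			$result = db_query($query, 'Could not select admin modules');

			// Lowest category_order that has not had its heading row printed yet
			$corder = 0;

			while($module_data = db_fetchassoc($result))
			{
				// Rows arrive sorted by category_order, so a value at or above $corder marks the
				// first module of a new category: print the heading once, then move past it.
				if($module_data['category_order'] >= $corder)
				{
					// The closing tag was emitted as "</td" without ">" before.
					echo '
  <tr>
    <td valign="middle"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><strong>'.stripslashes($module_data['category_name']).'</strong></font></div>
    </td>
  </tr>';
					$corder = $module_data['category_order'] + 1;
				}
?>
  <tr>
    <td valign="middle"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo stripslashes($module_data['module_name']); ?></font></div>
    </td>
    <td width="100" valign="middle"> 
<?php
				// split to module name (first part of the file name)
				$module = explode('.',$module_data['module_file']);
				$perm_key = 'perm_'.$module[0];
				echo '<p align="center"><select name="'.$perm_key.'">';

				// "Yes" is preselected only when a failed submit sent this permission back as 1;
				// isset() avoids reading a missing key on the first visit.
				if(isset($_GET[$perm_key]) && $_GET[$perm_key]==1)
				{
					echo '<option value="1" selected>Yes</option>';
					echo '<option value="0">No</option>';
				}
				else
				{
					echo '<option value="0" selected>No</option>';
					echo '<option value="1">Yes</option>';
				}

				echo '</select></p></td></tr>';
			}
?>
</table>  	
	</p>
       <input type="submit" name="doadd" value="Add Account" />
  </div>
</form>
<?php
			display_footer();
		}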
		break;
	case 'delete':
		// if it has the account data either way
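		// if it has the account data either way
		if(isset($_POST['dodelete'])||isset($_GET['user_id']))
		{
			// Delete one account and its sessions. The account is named either by the
			// posted username (delete form) or by a user_id in the query string (the
			// "Delete" links on the index page).
			// NOTE(review): the user_id branch deletes on a plain GET request with no
			// confirmation step, and no anti-CSRF token is checked in either branch.
			// Confirm whether the session id added by attach_sid() is required for the
			// request to pass check_auth(); if not, move deletion to POST with a token.
			// NOTE(review): the checks assume redirect_page() ends the request - confirm.
			unset($delete_id);

			// if button was pressed
			if(isset($_POST['dodelete']))
			{
				// check for the name (an array value is treated as missing)
				if(!isset($_POST['user_name']) || !is_string($_POST['user_name']))
				{
					redirect_page('No Account provided to Delete',attach_sid("account.".FILE_EXT."?mode=delete"));
				}

				// query to get the user_id
				// NOTE(review): this query escapes with addslashes() while the add/modify
				// queries use clean(); confirm which one is right for the database in use.
				$query = "SELECT user_id FROM ".ACCOUNTS_TABLE." WHERE user_name = '".addslashes($_POST['user_name'])."'";
				$result = db_query($query,'Could not query user name data');

				// if account doesn't exist
				if(db_numrows($result)==0)
				{
					redirect_page('Account not Found',attach_sid("account.".FILE_EXT."?mode=delete&user_name=".urlencode($_POST['user_name'])));
				}

				$account_data = db_fetchassoc($result);

				// Forced to an integer like the GET branch, because it is placed unquoted
				// into the DELETE statements below.
				$delete_id = intval($account_data['user_id']);
			}
			else
			{
				// set as an integer
				$delete_id = intval($_GET['user_id']);

				// check if account exists
				$query = "SELECT user_id FROM ".ACCOUNTS_TABLE." WHERE user_id = $delete_id";
				$result = db_query($query,'Could not query user id');

				if(db_numrows($result)==0)
				{
					redirect_page('Account not Found',attach_sid("account.".FILE_EXT."?mode=delete"));
				}
			}

			// deletes account data
			$query = "DELETE FROM ".ACCOUNTS_TABLE." WHERE user_id = $delete_id";
			db_query($query,'Could not delete account data');

			// deletes all sessions for the user_id, so the removed account is logged out
			$query = "DELETE FROM ".SESSIONS_TABLE." WHERE session_user_id = $delete_id";
			db_query($query,'Could not delete session data');

			redirect_page('Account Successfully Deleted',attach_sid("account.".FILE_EXT."?mode=index"));
		}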
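		else
		{
			// Show the "Delete Account" form. The username comes back in the query string
			// when the previous attempt named an unknown account, so it is HTML-escaped
			// before being written into the value attribute.
			// NOTE(review): PHP already URL-decodes $_GET once; the extra urldecode() is kept
			// from the original because the redirect helpers are not visible here.
			$prefill_name = (isset($_GET['user_name']) && is_string($_GET['user_name'])) ? urldecode($_GET['user_name']) : '';

			do_header("Admin Panel >> Account Management >> Delete");
?>
<form name="delete" method="post" action="<?php echo attach_sid("account.".FILE_EXT."?mode=delete"); ?>">
  <div align="center"><p>You can delete an account here by entering the person's username. Note: If you delete every account, you will NOT be able to log in!</p>
    <p>Username: 
      <input type="textfield" name="user_name" value="<?php echo htmlspecialchars($prefill_name, ENT_QUOTES); ?>" />
    </p>
       <input type="submit" name="dodelete" value="Delete Account" />
  </div>
</form>
<?php
			display_footer();
		}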
		break;
	case 'modify':
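		if(isset($_POST['domodify']))
		{
			// Handle a submitted "Save Changes" form: validate the input, update the account
			// row, and drop the account's sessions when its name or password changed.
			// NOTE(review): every check below assumes redirect_page() ends the request;
			// it is defined outside this file, so confirm that it exits.
			// NOTE(review): no anti-CSRF token is checked in this handler.

			// The id must be present before it is cast: intval() on a missing field yields 0,
			// which made the original isset() test (run after the cast) always pass.
			if(!isset($_POST['user_id']) || !is_scalar($_POST['user_id']))
			{
				redirect_page('Invalid Account',attach_sid("account.".FILE_EXT."?mode=modify"));
			}

			$user_id = intval($_POST['user_id']);

			$query = "SELECT user_name,user_password FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$user_id;
			$result = db_query($query,'Could not fetch data from Accounts table');

			if(db_numrows($result)==0)
			{
				redirect_page('Account does not exist',attach_sid("account.".FILE_EXT."?mode=modify"));
			}

			// Stored name and password digest, compared against the new values at the end
			$account_data = db_fetchassoc($result);

			$query_vars = '';
			$url_vars = '';
			// 0 = no permission problem, 1 = a permission is missing, 2 = a permission has a bad value
			$error_flag = 0;

			// Copies used only to rebuild the form URL after a failure; absent or non-string input becomes ''
			$form_user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
			$form_user_email = (isset($_POST['user_email']) && is_string($_POST['user_email'])) ? $_POST['user_email'] : '';

			// get modules
			$query = "SELECT * FROM ".ADMIN_TABLE." ORDER BY module_file";
			$result = db_query($query, 'Could not select admin modules');

			while($module_data = db_fetchassoc($result))
			{
				// split to just first part of the filename
				$module = explode('.',$module_data['module_file']);
				// NOTE(review): used as a column identifier in the UPDATE below; it comes from
				// ADMIN_TABLE, not from the request - confirm who can write that table.
				$perm_key = 'perm_'.$module[0];

				if(!isset($_POST[$perm_key]))
				{
					// 1 is for a missing permission
					$error_flag = 1;
				}
				else if($_POST[$perm_key] !== '0' && $_POST[$perm_key] !== '1')
				{
					// 2 is for a wrongly set permission.
					// Exact string match on purpose: with loose != a value such as "1 anything"
					// compares equal to 1 on PHP versions before 8 and would then be copied
					// into the SQL text below.
					$error_flag = 2;
				}
				else
				{
					$perm_value = intval($_POST[$perm_key]);

					// attributes for the update query
					$query_vars .= ", ".$perm_key." = '".$perm_value."'";

					// attributes to attach to the url
					$url_vars .= "&".$perm_key."=".$perm_value;
				}
			}

			$retry_url = "account.".FILE_EXT."?mode=modify&user_id=".$user_id;
			$name_arg = "&user_name=".urlencode($form_user_name);
			$email_arg = "&user_email=".urlencode($form_user_email);

			if($error_flag == 1)
			{
				redirect_page('Missing Permission Setting(s)',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}
			else if($error_flag == 2)
			{
				redirect_page('Permission Setting(s) Incorrect',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if username, password or email aren't set (an array value counts as not set)
			if( !isset($_POST['user_name'], $_POST['user_password'], $_POST['user_email'])
				|| !is_string($_POST['user_name']) || !is_string($_POST['user_password']) || !is_string($_POST['user_email']) )
			{
				redirect_page('Missing field data',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if email address is invalid
			// Uses validate_email() like the add handler; the previous test here only
			// required six characters.
			if( !validate_email($_POST['user_email']) )
			{
				redirect_page('Email Address Invalid',attach_sid($retry_url.$name_arg.$email_arg.$url_vars));
			}

			// if username is blank
			if( $_POST['user_name'] == '' )
			{
				redirect_page('Username Invalid',attach_sid($retry_url.$email_arg.$url_vars));
			}

			// query to see if the username already belongs to a different account.
			// The original condition compared user_name with itself using both = and <>,
			// which can never match, so duplicate names were accepted.
			$query = "SELECT user_id FROM ".ACCOUNTS_TABLE." WHERE user_name = '".clean($_POST['user_name'])."' AND user_id <> ".$user_id;
			if(db_numrows('',$query,'Could not select username from Accounts table') > 0)
			{
				redirect_page('Username already exists',attach_sid($retry_url.$email_arg.$url_vars));
			}

			// if password is blank
			if( $_POST['user_password'] == '' )
			{
				// update the record, leaving the stored password as it is
				$query = "UPDATE ".ACCOUNTS_TABLE." SET user_name = '".clean($_POST['user_name'])."', user_email = '".clean($_POST['user_email'])."'".$query_vars." WHERE user_id = ".$user_id;
			}
			else
			{
				// update the record
				// The digest is taken from the raw password, matching the add handler and the
				// comparison below; the original hashed clean()'s output here, which can produce
				// a different digest for the same password. md5() returns hex digits only, so it
				// needs no further escaping.
				// NOTE(review): confirm the login code hashes the raw password too. Unsalted MD5
				// is a weak password store; replacing it needs a matching change in that code.
				$query = "UPDATE ".ACCOUNTS_TABLE." SET user_name = '".clean($_POST['user_name'])."', user_password = '".md5($_POST['user_password'])."', user_email = '".clean($_POST['user_email'])."'".$query_vars." WHERE user_id = ".$user_id;
			}

			db_query($query, 'Could not update accounts record');

			// Log the account out everywhere when its password or name changed.
			// Strict comparison: with != two different digests that both look like "0e<digits>"
			// compare equal as numbers, and the sessions would be kept.
			// NOTE(review): a permission-only change keeps existing sessions; confirm that
			// permissions are re-read from the accounts table on every request.
			if( ($_POST['user_password']!='' && md5($_POST['user_password'])!==$account_data['user_password']) || $_POST['user_name']!==$account_data['user_name'] )
			{
				$query = "DELETE FROM ".SESSIONS_TABLE." WHERE session_user_id = ".$user_id;
				db_query($query, 'Could not delete sessions data');
			}

			redirect_page('Successfully Modified Account',attach_sid("account.".FILE_EXT."?mode=index"));
		}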
		else
		{
			if(!(isset($_GET['user_id'])||isset($_POST['user_name'])))
			{
				// Neither an id nor a name has been supplied yet: ask for the username.
				// The form posts back to mode=modify without a "domodify" field.
				do_header("Admin Panel >> Account Management >> Modify");
?>
<form name="modify" method="post" action="<?php echo attach_sid("account.".FILE_EXT."?mode=modify"); ?>">
  <div align="center"><p>Enter of the name of the account you'd like to modify its details for.</p>
    <p>Username: 
      <input type="textfield" name="user_name" />
    </p>
       <input type="submit" name="Submit" value="Modify Account" />
  </div>
</form>
<?php
				display_footer();
			}
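			else
			{
				// Show the edit form for one account, found by id (GET) or by name (POST).
				if(isset($_GET['user_id']))
				{
					$_GET['user_id'] = intval($_GET['user_id']);

					$query = "SELECT * FROM ".ACCOUNTS_TABLE." WHERE user_id = ".$_GET['user_id'];
				}
				else
				{
					// POST fields are already URL-decoded by PHP, so the name is used as received;
					// the original decoded it a second time, which altered names containing
					// "+" or "%". An array value is treated as an empty name.
					$lookup_name = is_string($_POST['user_name']) ? $_POST['user_name'] : '';
					// NOTE(review): escaped with addslashes() while the update queries use clean();
					// confirm which one is right for the database in use.
					$query = "SELECT * FROM ".ACCOUNTS_TABLE." WHERE user_name = '".addslashes($lookup_name)."'";
				}

				$result = db_query($query,'Could not fetch data from Accounts table');

				// NOTE(review): relies on redirect_page() ending the request - confirm.
				if(db_numrows($result)==0)
				{
					redirect_page('Account could not be found',attach_sid("account.".FILE_EXT."?mode=modify"));
				}

				$account_data = db_fetchassoc($result);

				// Values from a failed submit (query string) take precedence over the stored ones.
				// NOTE(review): PHP already URL-decodes $_GET once; the extra urldecode() is kept
				// from the original because the redirect helpers are not visible here.
				if(isset($_GET['user_name']) && is_string($_GET['user_name']))
				{
					$user_name = urldecode($_GET['user_name']);
				}
				else
				{
					$user_name = $account_data['user_name'];
				}

				if(isset($_GET['user_email']) && is_string($_GET['user_email']))
				{
					$user_email = urldecode($_GET['user_email']);
				}
				else
				{
					$user_email = $account_data['user_email'];
				}

				do_header("Admin Panel >> Account Management >> Modify");
				// Name and email may come straight from the request, so both are HTML-escaped
				// before being written into the value attributes below.
?>
<form name="add" method="post" action="<?php echo attach_sid("account.".FILE_EXT."?mode=modify"); ?>">
  <div align="center"><p>You can change the settings for this account. Note: Users can change their own password and email address via the Admin Index and don't need access to this module to do so.<br /><i>Leave Password Blank to not Change</i></p>
    <p>Username: 
      <input type="textfield" name="user_name" value="<?php echo htmlspecialchars($user_name, ENT_QUOTES); ?>" />
    </p>
    <p>Password: 
      <input type="password" name="user_password" />
    </p>
    <p>Email Address: 
      <input type="textfield" name="user_email" value="<?php echo htmlspecialchars($user_email, ENT_QUOTES); ?>" />
    </p>
	<p>
<table width="50%" border="1" cellspacing="0" cellpadding="0" align="center" bordercolor="#A8B9FF">
  <tr> 
    <td bgcolor="0066CC"> 
      <div align="center"><b><font color="#FFFFFF" size="3">Module Name</font></b></div>
    </td>
    <td bgcolor="0066CC"> 
      <div align="center"><font size="3" color="#FFFFFF"><b>Permission</b></font></div>
    </td>
  </tr>
<?php
				// get modules list
				$query = "SELECT a.*, c.category_name, c.category_order FROM ".ADMIN_TABLE." as a, ".ADMIN_CATS_TABLE." as c WHERE a.admin_cat = c.category_id ORDER BY c.category_order ASC, module_name ASC";
				$result = db_query($query, 'Could not select admin modules');

				// Lowest category_order that has not had its heading row printed yet
				$corder = 0;

				while($module_data = db_fetchassoc($result))
				{
					// Rows arrive sorted by category_order, so a value at or above $corder marks the
					// first module of a new category: print the heading once, then move past it.
					if($module_data['category_order'] >= $corder)
					{
						// The closing tag was emitted as "</td" without ">" before.
						echo '
  <tr>
    <td valign="middle"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><strong>'.stripslashes($module_data['category_name']).'</strong></font></div>
    </td>
  </tr>';
						$corder = $module_data['category_order'] + 1;
					}
?>
  <tr>
    <td valign="middle"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo stripslashes($module_data['module_name']); ?></font></div>
    </td>
    <td width="100" valign="middle"> 
<?php
					// split to module name (first part of the file name)
					$module = explode('.',$module_data['module_file']);
					$perm_key = 'perm_'.$module[0];
					echo '<p align="center"><select name="'.$perm_key.'">';

					// A value sent back by a failed submit wins; otherwise the stored permission decides
					if(isset($_GET[$perm_key]))
					{
						$perm_on = ($_GET[$perm_key]==1);
					}
					else
					{
						$perm_on = (isset($account_data[$perm_key]) && $account_data[$perm_key]==1);
					}

					if($perm_on)
					{
						echo '<option value="1" selected>Yes</option>';
						echo '<option value="0">No</option>';
					}
					else
					{
						echo '<option value="0" selected>No</option>';
						echo '<option value="1">Yes</option>';
					}

					echo '</select></p></td></tr>';
				}
?>
</table>  	
	</p>
	   <input type="hidden" name="user_id" value="<?php echo intval($account_data['user_id']); ?>" />
       <input type="submit" name="domodify" value="Save Changes" />
  </div>
</form>
<?php
				display_footer();
			}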
		}
		break;
	case 'index':
	default:
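		// Work out the sort column and direction for the accounts table.
		// Only values from the fixed lists below ever reach the ORDER BY clause, so the
		// request text itself is never placed in the query.

		// A missing or non-string parameter is treated as ''; the normalised value is
		// written back to $_GET as the original code did.
		$_GET['orderby'] = (isset($_GET['orderby']) && is_string($_GET['orderby'])) ? strtolower($_GET['orderby']) : '';

		if(in_array($_GET['orderby'], array('user_name', 'user_email', 'this_login'), true))
		{
			$order_by = $_GET['orderby'];
		}
		else
		{
			$order_by = 'user_name';
		}

		$_GET['sortby'] = (isset($_GET['sortby']) && is_string($_GET['sortby'])) ? strtoupper($_GET['sortby']) : '';

		// $o_sort_by is the opposite direction, offered by the column links so that
		// following one flips the order.
		if($_GET['sortby']=='DESC')
		{
			$sort_by = 'DESC';
			$o_sort_by = 'ASC';
		}
		else
		{
			// 'ASC' and anything unrecognised
			$sort_by = 'ASC';
			$o_sort_by = 'DESC';
		}

		$query_arguments = ' ORDER BY '.$order_by.' '.$sort_by;
		$url_arguments = '&sortby='.$o_sort_by;
		do_header("Admin Panel >> Account Management");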
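?>
<p align="center">Welcome to the Account Management Module. You can Add new accounts via the Add link, Delete Accounts with the Delete link and Modify permissions, password and email addresses in the Modify link.</p>
<table width="90%" border="1" cellspacing="0" cellpadding="0" align="center" bordercolor="#A8B9FF">
  <tr> 
    <td bgcolor="0066CC"> 
      <div align="center"><b><font color="#FFFFFF" size="3"><?php echo "<a class=\"sortlink\" href=\"".attach_sid('account.'.FILE_EXT.'?orderby=user_name'.$url_arguments)."\">"; ?>Username</a></font></b></div>
    </td>
    <td bgcolor="0066CC"> 
      <div align="center"><font size="3" color="#FFFFFF"><b><?php echo "<a class=\"sortlink\" href=\"".attach_sid('account.'.FILE_EXT.'?orderby=user_email'.$url_arguments)."\">"; ?>Email Address</a></b></font></div>
    </td>
    <td bgcolor="0066CC"> 
      <div align="center"><font size="3" color="#FFFFFF"><b><?php echo "<a class=\"sortlink\" href=\"".attach_sid('account.'.FILE_EXT.'?orderby=this_login'.$url_arguments)."\">"; ?>Last Login</a></b></font></div>
    </td>
    <td bgcolor="0066CC">&nbsp;</td>
    <td bgcolor="0066CC">&nbsp;</td>
  </tr>
<?php
		// The column links above send "orderby", the parameter this page reads for the
		// sort column; they used to send "sort_by", which nothing in this file reads,
		// so the column choice was ignored.

		// List every account. $query_arguments holds the ORDER BY clause built earlier
		// from fixed column and direction names.
		$query = "SELECT user_id,user_name,user_email,this_login FROM ".ACCOUNTS_TABLE.$query_arguments;
		$result = db_query($query, 'Could not fetch Accounts data');

		while($account_data = db_fetchassoc($result))
		{
			// Name and email were typed into the add / modify forms, so they are HTML-escaped
			// on output instead of being trusted as markup.
			$shown_name = htmlspecialchars($account_data['user_name'], ENT_QUOTES);
			$shown_email = htmlspecialchars($account_data['user_email'], ENT_QUOTES);
?>
  <tr>
    <td width="100"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo $shown_name; ?></font></div>
    </td>
    <td nowrap="nowrap"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><a href="mailto: <?php echo $shown_email; ?>"><?php echo $shown_email; ?></a></font></div>
    </td>
    <td nowrap="nowrap"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo date("d/n/Y g:iA", $account_data['this_login']); ?></font></div>
    </td>
    <td width="50"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".attach_sid("account.".FILE_EXT."?mode=delete&user_id=".$account_data['user_id'])."\">Delete</a>"; ?></font></div>
    </td>
    <td width="50"> 
      <div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".attach_sid("account.".FILE_EXT."?mode=modify&user_id=".$account_data['user_id'])."\">Modify</a>"; ?></font></div>
    </td>
  </tr>
<?php
		}
?>
</table>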
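<br />
<p align="center"><a href="<?php echo attach_sid("account.".FILE_EXT."?mode=add"); ?>">Add an Account</a></p>&nbsp;<br /><h2>Online Accounts</h2>
                  <table width="90%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#a8b9ff">
                    <tr>
                      <td bgcolor="#0066CC"><div align="center">
                          <font color="#FFFF00" size="3"><strong>Username</strong></font>
                        </div></td>
                      <td bgcolor="#0066CC"><div align="center"><strong><font color="#FFFF00">Page</font></strong></div></td>
                      <td bgcolor="#0066CC"><div align="center">
                          <font color="#FFFF00" size="3"><strong>Time Last Active</strong></font>
                        </div></td>
                      <td bgcolor="#0066CC"><div align="center"><strong><font color="#FFFF00">IP Address</font></strong></div></td>

                    </tr><?php
		// The "Add an Account" paragraph above previously carried the misspelt
		// attribute aligh="center".

		// Accounts whose session was active within the last $config['online_timeout'] seconds.
		// The timeout is cast to an integer because it is placed unquoted into the query.
		$query = "SELECT a.user_id, a.user_name, s.session_page, s.session_time, s.session_ip FROM ".ACCOUNTS_TABLE." AS a, ".SESSIONS_TABLE." as s WHERE s.session_user_id = a.user_id AND s.session_time >= ".date("U")." - ".intval($config['online_timeout'])." ORDER BY a.user_name";
		$result = db_query($query,'Could not fetch online users');
		$numrows = db_numrows($result);
		$online_data = db_fetchrows($result);

		for($i = 0; $i < $numrows; $i++)
		{
			$session_row = $online_data[$i];

			// The username is HTML-escaped on output; it was typed into the add / modify forms
			echo '<tr>
                      <td><div align="left">&nbsp;<a href="'.attach_sid('account.'.FILE_EXT.'?mode=modify&user_id='.$session_row['user_id']).'">'.htmlspecialchars($session_row['user_name'], ENT_QUOTES).'</a></div></td>
					 ';
			if($session_row['session_page'] != 'index')
			{
				// session_page is read back from the sessions table and placed inside a quoted
				// SQL string, so it is escaped here as well.
				// NOTE(review): where session_page is written is not visible in this file;
				// confirm it cannot hold request-controlled text, and that addslashes() is
				// adequate for the database in use.
				$query = "SELECT module_name, module_file FROM ".ADMIN_TABLE." WHERE module_file = '".addslashes($session_row['session_page']).".".FILE_EXT."'";
				$module_result = db_query($query,'Could not fetch module info');

				if(db_numrows($module_result)==0)
				{
					// No admin module matches the page name
					echo '<td><div align="center">-</div></td>';
				}
				else
				{
					$row = db_fetchassoc($module_result);
					echo '<td><div align="center"><a href="'.SCRIPT_PATH.ADMIN_PATH.attach_sid($row['module_file']).'">'.$row['module_name'].'</a></div></td>';
				}
			}
			else
			{
				echo '<td><div align="center"><a href="'.attach_sid('index.'.FILE_EXT).'">Admin Index</a></div></td>';
			}

			echo '<td><div align="center">'.date("g:i a",$session_row['session_time']).'</div></td>';
			// format_ipv4() is defined outside this file; its output is echoed as returned
			echo '<td><div align="center">'.format_ipv4($session_row['session_ip']).'</div></td>';

			echo '</tr>';
		}
?>
                  </table>
<?php
		display_footer();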
}

?>