<?
////////////////////////////////////////////////////////////////////////
/*SMI - SHOUTcast Management Interface
A web based shoutcast server management program
Founding Author: Scott D. Harvanek <hide@address.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.*/
////////////////////////////////////////////////////////////////////////
if(useraccess($_SESSION['username']) < "5") {
echo "ACCESS DENIED - INCIDENT REPORTED";
$event = " Attempted to access the restricted user management section.";
addevent($_SESSION['username'], $event);
} else {
$db = dbConnect();
/////////////////////////////////////
//
// Handle the post if we are adding a new user
//
/////////////////////////////////////
if(isset($_POST['newuser'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$access = $_POST['access'];
adduser($username, $password, $fname, $lname, $email, $access);
}
/////////////////////////////////////
//
// Handle the post if we are deleting a user
//
/////////////////////////////////////
if(isset($_REQUEST['delete'])) {
$id = $_REQUEST['id'];
$username = $_REQUEST['username'];
deluser($id, $username);
}
/////////////////////////////////////
//
// Handle the post if we are editing a user
//
/////////////////////////////////////
if(isset($_POST['edituser'])) {
$usrname = $_POST['username'];
$origpass = $_POST['origpass'];
$password = md5($_POST['password']);
if($origpass == $_POST['password']) {
$password = $origpass;
}
$email = $_POST['email'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$id = $_POST['id'];
$access = $_POST['access'];
edituser($id, $usrname, $password, $fname, $lname, $email, $access);
}
/////////////////////////////////////
//
// Create our header table, we do this outside the query.
//
/////////////////////////////////////
?>
<table border="0" width="100%">
<tr>
<td align="left">
<b>User List</b><br>
</td>
</tr>
</table>
<table border="0" width="600px" cellspacing="0">
<tr bgcolor="#828282">
<td align="left">
<b>Id</b>
</td>
<td align="left">
<b>Username</b>
</td>
<td align="left">
<b>First Name</b>
</td>
<td align="left">
<b>Last Name</b>
</td>
<td align="left">
<b>Email Address</b>
</td>
<td align="left">
<b></b>
</td>
<td align="left">
<b>Action</b>
</td>
</tr>
<?
/////////////////////////////////////
//
// Run our query and create alternating colors on the rows
//
/////////////////////////////////////
$i = "0";
$members = $db->getRows('members');
foreach ($members as $row) {
$bgcolor = ($i++ & 1) ? '#FFFFFF' : '#bcbcbc';
echo "<tr bgcolor='$bgcolor'>\n";
?>
<td align="left">
<?echo $row[0];?>
</td>
<td align="left">
<?echo $row[1];?>
</td>
<td align="left">
<?echo $row[3];?>
</td>
<td align="left">
<?echo $row[4];?>
</td>
<td align="left">
<?echo $row[5];?>
</td>
<td align="left">
</td>
<td align="left">
<?echo "<a href=\"users.php?edit=yes&userid=$row[0]\">Edit</a>";?>
/ <a href="users.php?delete=yes&id=<?echo $row[0];?>&username=<?echo $row[1];?>" onclick="javascript:return confirm('Are you sure you want to delete this user?')">Delete</a>
</td>
</tr>
<?
}
if(isset($_REQUEST['edit'])) {
$userid = $_REQUEST['userid'];
$members = $db->getRows('members', array('user_id' => $userid));
foreach ($members as $row) {
?>
</table>
<br><br>
<b>Edit User</b>
<form method="post" action="">
<table border="0">
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username" value="<?echo $row[1];?>">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="hidden" name="origpass" value="<?echo $row[2];?>">
<input type="password" name="password" value="<?echo $row[2];?>">
</td>
</tr>
<tr>
<td>
First Name:
</td>
<td>
<input type="text" name="fname" value="<?echo $row[3];?>">
</td>
</tr>
<tr>
<td>
Last Name:
</td>
<td>
<input type="text" name="lname" value="<?echo $row[4];?>">
</td>
</tr>
<tr>
<td>
Email:
</td>
<td>
<input type="text" name="email" value="<?echo $row[5];?>">
</td>
</tr>
<tr>
<td>
Access Level:
</td>
<td>
<select name="access">
<option value="5" <? if ($row[6] == "5") { echo "selected"; } ?>>Administrator</option>
<option value="4" <? if ($row[6] == "4") { echo "selected"; } ?>>Technician</option>
<option value="3" <? if ($row[6] == "3") { echo "selected"; } ?>>Helper</option>
<option value="2" <? if ($row[6] == "2") { echo "selected"; } ?>>Read Only</option>
<option value="1" <? if ($row[6] == "1") { echo "selected"; } ?>>User</option>
<option value="0" <? if ($row[6] == "0") { echo "selected"; } ?>>Disabled</option>
</select>
</td>
</tr>
<tr>
<td>
<input type="hidden" name="id" value="<? echo $row['0'];?>">
<input type="hidden" name="edituser" value="yes">
<input type="submit" name="go" value="Update User">
</td>
</tr>
</table>
</form>
<?
}
}else{
?>
</table>
<br><br>
<b>Add New User</b>
<form method="post" action="">
<table border="0">
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>
First Name:
</td>
<td>
<input type="text" name="fname">
</td>
</tr>
<tr>
<td>
Last Name:
</td>
<td>
<input type="text" name="lname">
</td>
</tr>
<tr>
<td>
Email:
</td>
<td>
<input type="text" name="email">
</td>
</tr>
<tr>
<td>
Access Level:
</td>
<td>
<select name="access">
<option value="5">Administrator</option>
<option value="4">Technician</option>
<option value="3">Helper</option>
<option value="2">Read Only</option>
<option value="1">User</option>
<option value="0">Disabled</option>
</select>
</td>
</tr>
<tr>
<td>
<input type="hidden" name="newuser" value="yes">
<input type="submit" name="go" value="Add User">
</td>
</tr>
</table>
</form>
<?
}
}
?>