<?php
/*
Copyright (c) 2008 http://ramui.com/. All rights reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
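/**
 * Admin "Users" screen of the guest book.
 *
 * get_query() dispatches on the already-split "qur" parameter to list, edit,
 * save, ban, delete and e-mail registered users.  Database access uses the
 * legacy mysql_* extension (PHP 5 only) with the table prefix, page size and
 * page chrome inherited from clsmain ($this->prefix, $this->list_perpage,
 * build_head(), build_footer(), validate_user(), log_in(), log_out() - all
 * defined outside this file).  fw_strip_slashes(), fw_total_page() and
 * fw_remove_smarttag() are project helpers defined elsewhere as well.
 */
class user extends clsmain
{
    /**
     * Reads one POST field the way every form handler here expects it:
     * raw-url-decoded, project slash-stripping applied, then trimmed.
     * A missing field yields '' instead of an undefined-index notice.
     *
     * @param string $key  name of the POST field
     * @return string
     */
    private function post_value($key)
    {
        $raw = isset($_POST[$key]) ? $_POST[$key] : '';
        return trim(fw_strip_slashes(rawurldecode($raw)));
    }

    /**
     * Returns element $index of the split "qur" path, or '' when absent.
     *
     * @param mixed $query  the split path (array or string)
     * @param int   $index
     * @return mixed
     */
    private function query_arg($query, $index)
    {
        return isset($query[$index]) ? $query[$index] : '';
    }

    /**
     * Builds one sortable column heading cell: ascending and descending
     * arrows (both link to page 1 of the unfiltered list) followed by $label.
     *
     * @param int    $column  sort-column code carried in the URL (1..4)
     * @param string $label   heading text
     * @param string $style   optional inline CSS for the cell
     * @return string HTML of the <td>
     */
    private function sort_heading($column, $label, $style = '')
    {
        $cell = '<td width="25%" class="heading"'.(($style === '') ? '' : ' style="'.$style.'"').'>';
        $cell .= '<a href="index.php?qur=3M6M1M'.$column.'M1"><img src="images/asc.gif" onmouseover="this.src=\'images/asc-h.gif\'" onmouseout="this.src=\'images/asc.gif\'" /></a>';
        $cell .= '<a href="index.php?qur=3M6M1M'.$column.'M0"><img src="images/dsc.gif" onmouseover="this.src=\'images/dsc-h.gif\'" onmouseout="this.src=\'images/dsc.gif\'" /></a>'.$label.'</td>';
        return $cell;
    }

    /**
     * Prints one row of the user list: status icon, name link, post and
     * comment counts (linked when non-zero) and the registration date.
     *
     * @param array $row  result row with keys id, user, date, level, p, c
     */
    private function print_user_row($row)
    {
        // level 6 = confirmed, 0 = banned, anything else is shown as pending
        $status = '<img src="images/userpending.gif" title="Pending" alt="P" />';
        $color = '#aaaa66';
        if ($row['level'] == 6) {
            $status = '<img src="images/user.gif" title="confirm" alt="C" />';
            $color = '#333333';
        }
        if ($row['level'] == 0) {
            $status = '<img src="images/userban.gif" title="Ban" alt="B" />';
            $color = '#aa6666';
        }
        echo '<tr onMouseOver="this.className=\'highlight\'" onMouseOut="this.className=\'normal\'"><td>';
        // NOTE(review): $row['user'] is echoed without HTML escaping; confirm the
        // registration code escapes names on input, otherwise escape here.
        echo $status.'&nbsp;&nbsp;<a style="color:'.$color.';" href="index.php?qur=3M7M'.$row['id'].'">'.$row['user'].'</a></td>';
        echo '<td>'.((empty($row['p'])) ? 'Post(0)' : '<a href="index.php?qur=2M6M1M'.$row['id'].'M0M0">Post('.$row['p'].')</a>').'</td>';
        echo '<td>'.((empty($row['c'])) ? 'Comments(0)' : '<a href="index.php?qur=9M6M1M'.$row['id'].'M0M0M0">Comments('.$row['c'].')</a>').'</td>';
        echo '<td>'.date("M d, H:i", $row['date']).'</td></tr>';
    }

    /**
     * Prints the page-number links, carrying the current sort and search filter.
     *
     * @param int    $page           current page (highlighted, not linked)
     * @param int    $totalpage      number of pages
     * @param int    $sortColumn     normalised sort-column code
     * @param int    $sortDirection  normalised direction flag (0 or 1)
     * @param string $search         HTML-escaped search prefix
     */
    private function print_pagination($page, $totalpage, $sortColumn, $sortDirection, $search)
    {
        echo '<tr><td colspan="4"><b>No. of pages:&nbsp;'.$totalpage.'</b>&nbsp;&nbsp;&nbsp;';
        for ($p = 1; $p <= $totalpage; $p++) {
            if ($p == $page) {
                echo '<span style="color:#aaaaaa;">['.$p.']</span>&nbsp;';
            } else {
                echo '[<a href="index.php?qur=3M6M'.$p.'M'.$sortColumn.'M'.$sortDirection.'&SearchFileString='.$search.'">'.$p.'</a>]&nbsp;';
            }
        }
        echo '</td></tr>';
    }

    /**
     * Prints the "Search User" form (the submit is handled by fw_search() in JS).
     *
     * @param string $search  HTML-escaped search prefix, '' when no filter is active
     */
    private function print_search_form($search)
    {
        $searchUrl = "'index.php?qur=3M6M1M0'";
        echo '<form name="frmSearchList" style="float:right; margin:0; color:#000000;" onSubmit="return fw_search('.$searchUrl.');">';
        echo 'Search User:&nbsp;<input name="txtSearch" id="txtSearch" style="" type="text" value="';
        echo (($search == '') ? 'Type first few characters...' : $search);
        echo '" size="20" onClick="fw_cleartext(this,\'Type first few characters...\');">&nbsp;<input name="Submit" type="button" style="width:80px; font-size:11px; color:#333333;" value="Search" onClick="fw_search('.$searchUrl.');"></form>';
    }

    /**
     * Renders the paged, sortable user list (qur=3M6M<page>M<column>M<direction>).
     *
     * Everything here comes from the URL: the page number, the sort column
     * code, the direction flag and the optional SearchFileString prefix.
     *
     * @param mixed $page           1-based page number
     * @param mixed $sortColumn     index into the sort-column table (0..4)
     * @param mixed $sortDirection  empty => descending, anything else => ascending
     */
    private function show_userlist($page, $sortColumn, $sortDirection)
    {
        $sort_arr = array('tu.id', 'tu.user', 'p', 'c', 'tu.date');
        // Only whitelisted column names reach ORDER BY; an unknown code used to read
        // an undefined index and produce a broken query, now it falls back to tu.id.
        if (isset($sort_arr[$sortColumn])) {
            $sortCol = $sort_arr[$sortColumn];
            $sortColumn = (int)$sortColumn;
        } else {
            $sortCol = $sort_arr[0];
            $sortColumn = 0;
        }
        // Normalise the direction to 0/1 as well: both codes are echoed back into
        // the pagination links, so they must not carry arbitrary URL text.
        $sortDirection = (empty($sortDirection)) ? 0 : 1;
        $sortDir = ($sortDirection === 0) ? 'Desc' : 'Asc';
        // A page below 1 would produce a negative LIMIT offset.
        $page = (int)$page;
        if ($page < 1) {
            $page = 1;
        }

        // The search prefix is used in two contexts, each with its own escaping:
        // HTML for echoing it back, SQL for the LIKE clause.  LIKE wildcards are
        // escaped so that a typed '%' or '_' matches literally.
        $searchRaw = '';
        if (!empty($_GET['SearchFileString'])) {
            $searchRaw = fw_strip_slashes($_GET['SearchFileString']);
        }
        $search = htmlspecialchars($searchRaw);
        $searchSql = mysql_real_escape_string(addcslashes($searchRaw, '%_'));

        $this->build_head("Users list", "");
        $query = "SELECT id FROM ".$this->prefix."user WHERE user LIKE \"$searchSql%\"";
        $result = @mysql_query($query);
        $num_rows = @mysql_num_rows($result);
        if ($num_rows <= 0) {
            echo '<div style="margin:20px; font-size:14px;">Empty user list!</div>';
        } else {
            $start_count = ($page - 1) * $this->list_perpage;
            $totalpage = fw_total_page($num_rows, $this->list_perpage);

            echo '<table id="list"><tr>';
            echo $this->sort_heading(1, 'User');
            echo $this->sort_heading(2, 'Post', 'border-left:1px solid #888888;');
            echo $this->sort_heading(3, 'Comment');
            echo $this->sort_heading(4, 'Date', 'border-right:#888888;');
            echo '</tr>';
            echo '<tr><td colspan="4"><a title="Remove filter" href="index.php?qur=3M">User list:</a></td></tr>';

            // p = number of posts, c = number of comments per user
            $query = "SELECT tu.id, tu.user, tu.date, tu.level, IF(ISNULL(tp.id),0,COUNT(tp.id)) AS p, b.cc AS c FROM ";
            $query .= $this->prefix."user tu LEFT JOIN ".$this->prefix."post tp ON tp.uid = tu.id LEFT JOIN ";
            $query .= "(SELECT uid, COUNT(id) AS cc  FROM ".$this->prefix."comments GROUP BY uid) AS b  ON tu.id = b.uid ";
            $query .= "WHERE tu.user LIKE \"$searchSql%\" ";
            $query .= "GROUP BY tu.id ORDER BY $sortCol $sortDir LIMIT ".$start_count.", ".$this->list_perpage;
            $result = @mysql_query($query);
            while ($row = @mysql_fetch_array($result, MYSQL_ASSOC)) {
                $this->print_user_row($row);
            }

            $this->print_pagination($page, $totalpage, $sortColumn, $sortDirection, $search);
            echo '<tr><td colspan="4" style="background:#e0e0e0;">';
            $this->print_search_form($search);
            echo '</td></tr></table>';
        }
        echo '</div>';
        $this->build_footer();
    }

    /**
     * Renders the edit form for one user (qur=3M7M<id>), or redirects to the
     * main admin screen when the id is unknown.
     *
     * @param mixed $id  user id from the URL (cast by sprintf %d)
     */
    private function show_edit($user_id)
    {
        $query = "SELECT tu.*, IF(ISNULL(tp.id),0,COUNT(tp.id)) AS p, b.cc AS c FROM ";
        $query .= $this->prefix."user tu LEFT JOIN ".$this->prefix."post tp ON tp.uid = tu.id LEFT JOIN ";
        $query .= "(SELECT uid, COUNT(id) AS cc  FROM ".$this->prefix."comments GROUP BY uid) AS b  ON tu.id = b.uid ";
        $query .= "WHERE tu.id = %d";
        $query = sprintf($query, $user_id);
        $result = @mysql_query($query);
        // Keep the name $row: edituser.php is included in this method's scope and
        // presumably reads it (the template is not part of this file).
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        if (empty($row)) {
            @header("Location: index.php?qur=6M");
            exit;
        }
        $this->build_head("User informations:", '<script type="text/javascript" src="script/user.js"></script>');
        include "include/edituser.php";
        $this->build_footer();
    }

    /**
     * Prints the stand-alone "contact user" mail form (qur=3M1M<id>).
     * The form posts back through fwSend() in script/mail.js.
     *
     * @param mixed $id  user id from the URL
     */
    private function show_mail($id)
    {
        // $id is written into a JavaScript call and the host name into an HTML
        // attribute; both come from the request, so constrain/escape them.
        $id = (int)$id;
        $from = htmlspecialchars('noreply@'.str_replace('www.', '', getenv('HTTP_HOST')));
        $str = "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n";
        $str .= "<title>Contact</title>\n";
        $str .= "<script type=\"text/javascript\" src=\"../script/common.js\"></script>\n";
        $str .= "<script type=\"text/javascript\" src=\"script/mail.js\"></script>\n";
        $str .= "<style type=\"text/css\">\n";
        $str .= "body{margin:0; padding:10px; font-family: arial, serif;} td{font-size:11px;} .text{height:20px; border:1px solid #808080; width:400px; font-size:11px; padding:0;} .fw_button{width:80px; font-size:12px; font-family:arial; color:#000000; font-weight:600;border:1px solid #999999;background:#ffffff;}\n";
        $str .= "#feedback{font-weight:500;font-size:11px;margin: 10px; clear:both;}\n";
        $str .= "</style></head><body><form name=\"frmmail\" style=\"width:680px; margin:10px;\" onsubmit=\"return false\"><table id=\"fw_addcomment\"><tr><td id=\"feedback\"></td></tr>\n";
        $str .= "<tr><td style=\"padding: 10px 0;\"><b>Subject</b> (100 characters maximum):<br /><input type=\"text\" class=\"text\" name=\"subject\" id=\"subject\" size=\"20\" ></td></tr>\n";
        $str .= "<tr><td style=\"padding: 10px 0;\"><b>From</b> (100 characters maximum):<br /><input type=\"text\" class=\"text\" name=\"from\" id=\"from\" size=\"20\" value=\"$from\" ></td></tr>\n";
        $str .= "<tr><td style=\"padding: 10px 0;\"><b>Message</b> (1000 characters maximum):<br /><textarea class=\"text\" style=\"height:300px;\" name=\"message\" id=\"message\"></textarea></td></tr>\n";
        $str .= "<tr><td style=\"padding:5px 0 0 0;\"><input type=\"reset\" class=\"fw_button\" value=\"Reset\" name=\"B1\" onclick=\"resetForm()\">&nbsp;&nbsp;<input type=\"button\" class=\"fw_button\" value=\"Submit\" onClick=\"fwSend($id);\"></td></tr>\n";
        $str .= "</table></form></body></html>\n";
        echo $str;
    }

    /**
     * Sends the posted mail form to the e-mail address stored for user $id
     * (qur=3M2M<id>) and prints a one-line status, then exits.
     *
     * @param mixed $id  user id from the URL (cast by sprintf %d)
     */
    private function send_mail($id)
    {
        $subject = $this->post_value("subject");
        $from = $this->post_value("from");
        $message = fw_remove_smarttag($this->post_value("message"));
        // $from and $subject become mail headers; a CR/LF in either would let the
        // sender append further headers (extra recipients etc.), so strip them.
        $from = str_replace(array("\r", "\n"), '', $from);
        $subject = str_replace(array("\r", "\n"), '', $subject);

        $query = sprintf("SELECT name, email FROM ".$this->prefix."user WHERE id = %d", $id);
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        if (empty($row)) {
            echo '<span style="color:red">Error! unable to send message</span>';
            exit;
        }
        $message = "Message from: ".$_SERVER['HTTP_HOST']."\n\n"."I.P.: ".($_SERVER['REMOTE_ADDR'])."\n\n".'Date: '.date('d.m.Y H:i')."\n\n".$message;
        if (@mail($row['email'], $subject, $message, 'From: '.$from)) {
            echo '<span style="color:green">Message has been successfully sent.</span>';
        } else {
            echo '<span style="color:red">Error! unable to send message</span>';
        }
        exit;
    }

    /**
     * Entry point for every request on this screen.
     *
     * $query is the already-split "qur" path: [1] selects the action,
     * [2]..[4] are its arguments.  Without a valid admin session only the
     * list/edit screens (and the bare entry) fall back to the login form; the
     * JavaScript-driven actions produce nothing.
     *
     * @param mixed $query  split path (array), '' when absent
     */
    public function get_query($query = '')
    {
        $action = $this->query_arg($query, 1);
        if (!$this->validate_user()) {
            if (($action == 6) || ($action == 7) || empty($action)) {
                $this->log_in();
            }
            return;
        }
        switch ($action) {
            case "1":
                $this->show_mail($this->query_arg($query, 2));
                break;
            case "2":
                $this->send_mail($this->query_arg($query, 2));
                break;
            case "3":
                $this->ban_user($this->query_arg($query, 2));
                break;
            case "4":
                $this->delete_user($this->query_arg($query, 2));
                break;
            case "5":
                $this->log_out();
                break;
            case "6":
                $this->show_userlist($this->query_arg($query, 2), $this->query_arg($query, 3), $this->query_arg($query, 4));
                break;
            case "7":
                $this->show_edit($this->query_arg($query, 2));
                break;
            case "8":
                $this->save_user($this->query_arg($query, 2));
                break;
            default:
                $this->show_userlist(1, 0, 0);
        }
    }

    /**
     * Stores the posted name, e-mail, website and allow-email flag for user
     * $id (qur=3M8M<id>), prints a one-line status and exits.
     *
     * @param mixed $id  user id from the URL
     */
    private function save_user($id)
    {
        $website = $this->post_value("website");
        $email = $this->post_value("email");
        $name = $this->post_value("name");
        // the checkbox is stored as 'Y' or the empty string
        $allowemail = (isset($_POST["allowemail"])) ? 'Y' : '';
        $id = (int)$id;
        if (empty($id)) {
            exit;
        }
        $query = "UPDATE ".$this->prefix."user SET name = '%s', email = '%s', website = '%s', allowemail = '$allowemail' WHERE id = %d";
        $query = sprintf($query, mysql_real_escape_string($name), mysql_real_escape_string($email), mysql_real_escape_string($website), $id);
        if (!(@mysql_query($query))) {
            echo '<span style="color:red">Error! '.mysql_error().'</span>';
        } else {
            echo '<span style="color:green">Data has been updated.</span>';
        }
        exit;
    }

    /**
     * Toggles the ban state of user $id (qur=3M3M<id>): level 0 (banned)
     * becomes 6 (confirmed), 6/7/8 become 0.  Echoes the label of the next
     * toggle action ('Ban' / 'Lift ban'), presumably for the admin JS, then exits.
     *
     * @param mixed $id  user id from the URL
     */
    private function ban_user($id)
    {
        // The id is used in the UPDATE below as well, so it is constrained to an
        // integer here instead of relying on the SELECT's %d alone.
        $id = (int)$id;
        $query = sprintf("SELECT id, level from ".$this->prefix."user WHERE id = %d", $id);
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        if (empty($row)) {
            exit;
        }
        switch ((int)$row['level']) {
            case 0:
                $level = 6;
                $response = 'Ban';
                break;
            case 6:
                $level = 0;
                $response = 'Lift ban';
                break;
            case 7:
            case 8:
                $level = 6;
                $response = 'Ban';
                break;
            default:
                // any other level has no defined transition
                exit;
        }
        $query = sprintf("UPDATE ".$this->prefix."user SET level = %d WHERE id = %d", $level, $id);
        if (!(@mysql_query($query))) {
            exit;
        }
        echo $response;
        exit;
    }

    /**
     * Deletes user $id together with all their comments and posts
     * (qur=3M4M<id>), then redirects to the user list.
     *
     * @param mixed $id  user id from the URL (cast by sprintf %d)
     */
    private function delete_user($id)
    {
        // dependent rows first, then the user itself
        $query = sprintf("DELETE FROM ".$this->prefix."comments WHERE uid = %d", $id);
        @mysql_query($query);
        $query = sprintf("DELETE FROM ".$this->prefix."post WHERE uid = %d", $id);
        @mysql_query($query);
        $query = sprintf("DELETE FROM ".$this->prefix."user WHERE id = %d", $id);
        @mysql_query($query);
        @header("Location: index.php?qur=3M");
        // same redirect pattern as show_edit(): nothing should be emitted after the Location header
        exit;
    }
}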
?>