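<?php
// Full open tag on purpose: when short_open_tag is disabled a bare "<?" is not
// parsed as PHP, and the web server would hand this script's source to the client.
require "include/functions.php";
dbconn(false);
// Session gate for everything below.
// NOTE(review): loggedinorreturn() is defined in include/functions.php (not shown);
// presumably it stops unauthenticated requests — confirm it never returns for them.
loggedinorreturn();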
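/**
 * Abort the current request with the generic "w00t" error page.
 *
 * Every caller in this script uses puke() as an access-control stop
 * (insufficient class, unknown target user, unknown action), so it must
 * never return to the caller.
 *
 * @param string $text Message body passed to stderr().
 */
function puke($text = "Hey watch it w00t")
{
    stderr("w00t", $text);
    // Fail closed: stderr() lives in include/functions.php and is not visible
    // here, so do not depend on it ending the script. If it ever returned, the
    // privileged code after each puke() call would run for a rejected request.
    exit;
}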
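// Staff-only endpoint: anything below moderator is turned away.
if (get_user_class() < UC_MODERATOR)
    puke();

// NOTE(review): no anti-CSRF token is checked anywhere in this script. Unless
// loggedinorreturn() or include/functions.php enforces one (not visible here),
// a cross-site POST riding on a moderator's session would be accepted —
// confirm, and add a per-session token check if it is missing.
$action = isset($_POST["action"]) ? $_POST["action"] : "";
if ($action == "edituser")
{
    // "column = value" fragments collected for the single UPDATE at the end.
    $updateset = array();

    // All of these are client-supplied. String values only reach SQL through
    // sqlesc(); the numeric ones are forced to integers because they are
    // interpolated unquoted.
    $userid = $_POST["userid"];
    $title = $_POST["title"];
    $avatar = $_POST["avatar"];
    $uploaded = $_POST["uploaded"];
    $downloaded = $_POST["downloaded"];
    $enabled = $_POST["enabled"];
    $warned = $_POST["warned"];
    $warnlength = isset($_POST["warnlength"]) ? (int) $_POST["warnlength"] : 0;
    $warnpm = $_POST["warnpm"];
    $donor = $_POST["donor"];
    $parked = $_POST["parked"];
    $modcomment = $_POST["modcomment"];
    if (!empty($_POST['resetpasskey']))
        $updateset[] = "passkey=''";
    $class = isset($_POST["class"]) ? (int) $_POST["class"] : 0;

    if (!is_valid_id($userid) || !is_valid_user_class($class))
        stderr("Error", "Bad user ID or class ID.");
    // $userid is placed unquoted into every query below. The integer cast keeps
    // those queries safe even if is_valid_id() (defined elsewhere) is looser
    // than its name suggests.
    $userid = (int) $userid;

    // Load the target's current state so changes can be detected.
    $res = mysql_query("SELECT warned, enabled, username, class, parked FROM users WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res) or puke();
    $curenabled = $arr["enabled"];
    $curparked = $arr["parked"];
    $curclass = $arr["class"];
    $curwarned = $arr["warned"];

    // The editor must outrank the target's current class AND the class being
    // assigned. Checking only the current class would let a moderator raise an
    // account to their own rank or above.
    if ($curclass >= get_user_class() || $class >= get_user_class())
        puke();

    if ($curclass != $class)
    {
        // Notify the user and record the change in the moderation comment.
        $what = ($class > $curclass ? "promoted" : "demoted");
        $msg = sqlesc("You have been $what to '" . get_user_class_name($class) . "' by $CURUSER[username].");
        $added = sqlesc(get_date_time());
        mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
        $updateset[] = "class = $class";
        $what = ($class > $curclass ? "Promoted" : "Demoted");
        $modcomment = gmdate("Y-m-d") . " - $what to '" . get_user_class_name($class) . "' by $CURUSER[username].\n". $modcomment;
    }

    // WARNING
    // NOTE(review): writecomment() is defined elsewhere. If it writes
    // users.modcomment directly, the UPDATE at the end of this block overwrites
    // that entry with the POSTed $modcomment — confirm the audit trail survives.
    if ($warned && $curwarned != $warned)
    {
        $updateset[] = "warned = " . sqlesc($warned);
        $updateset[] = "warneduntil = '0000-00-00 00:00:00'";
        if ($warned == 'no')
        {
            writecomment($userid,"Warning removed by " . $CURUSER['username'] . ".");
            $msg = sqlesc("Your warning have been removed by " . $CURUSER['username'] . ".");
            // Send the PM only here, where $msg was just built. Outside this
            // branch $msg is either unset (broken INSERT) or left over from the
            // class-change notice above.
            $added = sqlesc(get_date_time());
            mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
        }
    }
    elseif ($warnlength)
    {
        if ($warnlength == 255)
        {
            // 255 is handled as a warning with no expiry date.
            writecomment($userid,"Warned by " . $CURUSER['username'] . ".\nReason: $warnpm.");
            $msg = sqlesc("You have been [url=rules.php#warning]warned[/url] by $CURUSER[username]." . ($warnpm ? "\n\nReason: $warnpm" : ""));
            $updateset[] = "warneduntil = '0000-00-00 00:00:00'";
        }
        else
        {
            // Any other value is a duration in weeks (604800 seconds each).
            $warneduntil = get_date_time(gmtime() + $warnlength * 604800);
            $dur = $warnlength . " week" . ($warnlength > 1 ? "s" : "");
            $msg = sqlesc("You have been [url=rules.php#warning]warned[/url] for $dur by " . $CURUSER['username'] . "." . ($warnpm ? "\n\nReason: $warnpm" : ""));
            writecomment($userid,"Warned for $dur by " . $CURUSER['username'] . ".\nReason: $warnpm.");
            $updateset[] = "warneduntil = '$warneduntil'";
        }
        $added = sqlesc(get_date_time());
        mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
        $updateset[] = "warned = 'yes', timeswarned = timeswarned+1, lastwarned=$added, warnedby=$CURUSER[id]";
    }

    // Enable/disable: only the moderation comment is touched here; the column
    // itself is written with the other fields below.
    if ($enabled != $curenabled)
    {
        if ($enabled == 'yes')
            $modcomment = gmdate("Y-m-d") . " - Enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
        else
            $modcomment = gmdate("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
    }

    // Parking: both directions stamp park_action with "now + 30 days".
    if ($parked != $curparked)
    {
        $days = 30;
        $park_action = (get_date_time(time() + ($days * 86400)));
        if ($parked == 'yes')
        {
            $modcomment = date("Y-m-d") . " (\"$days\" day timer started at \"$park_action\" - Parked by " . $CURUSER['username'] . " in userdetails).\n" . $modcomment;
            $msg = sqlesc("Your account has been parked ,\"$park_action\" by " . $CURUSER['username'] . ". You have \"$days\" days to remove this in your profile.or pm a staff to help you [color=orange]parked from userdetails[/color]");
        }
        else
        {
            $modcomment = date("Y-m-d") . " (\"$days\" day timer stoped at \"$park_action\"- Parking removed by " . $CURUSER['username'] . " in userdetails).\n" . $modcomment;
            $msg = sqlesc("Your parked status has been removed ,\"$park_action\" by " . $CURUSER['username'] . ", propably because you requested it .[color=orange]unparked from userdetails[/color]");
        }
        $added = sqlesc(get_date_time());
        mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
    }

    // NOTE(review): enabled/donor/parked are written as received (escaped, but
    // not checked against the values the columns allow) — consider rejecting
    // anything other than the expected values before this point.
    $updateset[] = "enabled = " . sqlesc($enabled);
    $updateset[] = "donor = " . sqlesc($donor);
    $updateset[] = "parked = " . sqlesc($parked);
    // Write park_action only when the parked state changed in this request;
    // writing it unconditionally blanked the stored timer on every unrelated edit.
    if (isset($park_action))
        $updateset[] = "park_action = " . sqlesc($park_action);
    $updateset[] = "avatar = " . sqlesc($avatar);
    $updateset[] = "uploaded = " . sqlesc($uploaded);
    $updateset[] = "downloaded = " . sqlesc($downloaded);
    $updateset[] = "title = " . sqlesc($title);
    $updateset[] = "modcomment = " . sqlesc($modcomment);
    mysql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE id=$userid") or sqlerr(__FILE__, __LINE__);

    // returnto is client-supplied. Strip CR/LF so it cannot add header lines on
    // PHP versions that do not reject them. It is appended after
    // "$DEFAULTBASEURL/", so the target stays under the site base URL provided
    // $DEFAULTBASEURL is set.
    $returnto = isset($_POST["returnto"]) ? $_POST["returnto"] : "";
    $returnto = str_replace(array("\r", "\n"), "", $returnto);
    header("Location: $DEFAULTBASEURL/$returnto");
    die;
}
// Unknown or missing action.
puke();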
?>