<?php
require ("functions.php");
if(!check_login())
{
header("Location: index.php");
}
if($_SESSION['admin'] != 1)
{
header("Location: admin.php");
exit;
}
if(isset($_POST['action']) && check("username", $_POST['username'], 0))
{
if($_POST['action'] == $lang['update_user'])
{
if(check("domain", $_POST['domainname'], 0) || $_POST['domainname'] == "*")
{
if($_POST['password'] == $_POST['vpassword'])
{
$connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
if(!empty($_POST['password']))
$sql = "UPDATE `$dbusertable` SET username = '" . $_POST['username'] . "', password=MD5('" . $_POST['password'] . "'), domainname='" . $_POST['domainname'] . "',admin=" . $_POST['adminpriv'] . " WHERE userid = " . $_POST['userid'] . ";";
else
$sql = "UPDATE `$dbusertable` SET username = '" . $_POST['username'] . "', domainname='" . $_POST['domainname'] . "', admin=" . $_POST['adminpriv'] . " WHERE userid = " . $_POST['userid'] . ";";
@mysql($dbname, $sql) or die(db_error("query"));
mysql_close($connection);
$error = $lang['user_updated'];
}
else
{
$error = $lang['passwords_not_match'];
}
}
else
{
$error = $lang['invalid_domain'];
}
}
else
{
if(check("domain", $_POST['domainname'], 0) || $_POST['domainname'] == "*")
{
$connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
$sql = "SELECT * FROM `$dbusertable` WHERE username = '" . $_POST['username'] . "';";
$result = @mysql($dbname, $sql) or die(db_error("query"));
$exists = mysql_numrows($result);
mysql_close($connection);
if($exists == 0)
{
if($_POST['password'] == $_POST['vpassword'] || !empty($_POST['password']))
{
$connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
$sql = "INSERT INTO `$dbusertable` VALUES ('','" . $_POST['username'] . "', MD5('password'),'" . $_POST['domainname'] . "', " . $_POST['adminpriv'] . ")";
@mysql($dbname, $sql) or die(db_error("query"));
mysql_close($connection);
$error = $lang['user_added'];
}
else
{
$error = $lang['passwords_not_match'];
}
}
else
{
$error = $lang['user_exists'];
}
}
else
{
$error = $lang['invalid_domain'];
}
}
}
if(isset($_GET['userid']))
{
$connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
$sql = "SELECT * FROM `$dbusertable` WHERE userid=" . $_GET['userid'] . ";";
$result = @mysql($dbname, $sql) or die(db_error("query"));
$row = mysql_fetch_array($result);
$userid = $row[userid];
$username = $row[username];
$domainname = $row[domainname];
$adminpriv = $row[admin];
mysql_close($connection);
}
?>
<html>
<head>
<title><?php echo $lang['user_administration']; ?></title>
<link rel="stylesheet" href="style.css">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
</head>
<body>
<div align="center">
<?php
if(isset($error))
echo "<b>" . $error . "</b><br><br>\n";
?>
<table border="0" cellpadding="4" cellspacing="1" bgcolor="black">
<form method="post" action="admin_useredit.php">
<tr>
<td align="center" class="highlightwhite"><?php echo $lang['user_administration']; ?></td>
</tr>
<tr>
<td bgcolor="white">
<table border="0" cellpadding="4" cellspacing="0">
<tr>
<td class="highlight"><?php echo $lang['username']; ?>:</td>
<td><input type="text" name="username" class="norm" size="20" maxlength="25" value="<?php echo $username; ?>"></td>
</tr>
<tr>
<td class="highlight"><?php echo $lang['password']; ?>:</td>
<td><input type="password" name="password" class="norm" size="20" maxlength="25"></td>
</tr>
<tr>
<td class="highlight"><?php echo $lang['verify_password']; ?>:</td>
<td><input type="password" name="vpassword" class="norm" size="20" maxlength="25"></td>
</tr>
<tr>
<td class="highlight"><?php echo $lang['domain_name']; ?>:</td>
<td><input type="text" name="domainname" class="norm" size="20" maxlength="60" value="<?php echo $domainname; ?>"> (* <i><?php echo $lang['for_all']; ?></i>)</td>
</tr>
<tr>
<td class="highlight"><?php echo $lang['admin_privileges']; ?>:</td>
<td>
<?php
if($adminpriv)
{
?>
<input type="radio" name="adminpriv" value="1" checked> <?php echo $lang['yes']; ?>
<input type="radio" name="adminpriv" value="0"> <?php echo $lang['no']; ?>
<?php
}
else
{
?>
<input type="radio" name="adminpriv" value="1"> <?php echo $lang['yes']; ?>
<input type="radio" name="adminpriv" value="0" checked> <?php echo $lang['no']; ?>
<?php
}
?>
</td>
</tr>
</table>
</td>
</tr>
<tr bgcolor="white">
<td align="center">
<?php
if(isset($userid))
{
?>
<input type="submit" name="action" value="<?php echo $lang['update_user']; ?>" class="norm">
<input type="hidden" name="userid" value="<?php echo $userid; ?>">
<?php
}
else
{
?>
<input type="submit" name="action" value="<?php echo $lang['save_user']; ?>" class="norm">
<?php
}
?>
<input type="reset" value="<?php echo $lang['reset']; ?>" class="norm">
<input type="button" value="<?php echo $lang['cancel']; ?>" class="norm" onclick="location.href='admin.php';">
</td>
</tr>
</form>
</table>
</div>
<?php display_info(); ?>
</body>
</html>