<?php
  require ("functions.php");
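  // Access gate for the user-administration page: the caller must pass
  // check_login() and must carry the admin flag in the session.
  if(!check_login())
  {
    header("Location: index.php");
    // A Location header does not stop execution. Without this exit the script
    // keeps running, and a session that fails check_login() but still holds
    // admin == 1 would reach the database writes further down.
    exit;
  }
  // A missing admin flag is treated as "not an admin" rather than being left
  // to PHP's loose comparison of an undefined index.
  if(!isset($_SESSION['admin']) || $_SESSION['admin'] != 1)
  {
    header("Location: admin.php");
    exit;
  }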

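  // Handles the add/update form post.
  //
  // Every request value that reaches SQL is either escaped with
  // mysql_real_escape_string() on the open connection (strings) or reduced to
  // an integer (userid, admin flag). The original concatenated $_POST straight
  // into the statements, so any field could rewrite the query, including the
  // unquoted admin flag and userid.
  //
  // NOTE(review): ext/mysql is removed in PHP 7. The durable fix is mysqli or
  // PDO with prepared statements; escaping is the most that can be done while
  // staying on the API this file already uses.
  // NOTE(review): no anti-CSRF token is checked here. Unless functions.php
  // adds one, a logged-in admin's browser can be made to submit this form.
  // NOTE(review): passwords are stored as unsalted MD5 computed inside the
  // query text. check_login() is not visible here and presumably compares
  // against the same column, so the scheme cannot be changed in this file
  // alone. TODO: migrate to password_hash()/password_verify().
  if(isset($_POST['action']))
  {
    // Read each text field once. Anything that is not a plain string (for
    // example an array sent as password[]=x) is treated as empty.
    $posted = array('username' => '', 'password' => '', 'vpassword' => '', 'domainname' => '');
    foreach(array_keys($posted) as $field)
    {
      if(isset($_POST[$field]) && is_string($_POST[$field]))
        $posted[$field] = $_POST[$field];
    }
    // The admin flag is written unquoted into SQL, so it is forced to 0 or 1.
    $adminFlag = (isset($_POST['adminpriv']) && $_POST['adminpriv'] === "1") ? 1 : 0;

    if(check("username", $posted['username'], 0))
    {
      $domainOk = check("domain", $posted['domainname'], 0) || $posted['domainname'] === "*";

      if(!$domainOk)
      {
        $error = $lang['invalid_domain'];
      }
      elseif($_POST['action'] == $lang['update_user'])
      {
        // Strict comparison: with ==, two different numeric-looking strings
        // such as "0e1" and "0e2" compare equal.
        if($posted['password'] === $posted['vpassword'])
        {
          $connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
          $sqlUser = mysql_real_escape_string($posted['username'], $connection);
          $sqlDomain = mysql_real_escape_string($posted['domainname'], $connection);
          $targetId = (isset($_POST['userid']) && is_string($_POST['userid'])) ? intval($_POST['userid']) : 0;
          if($posted['password'] !== '')
          {
            $sqlPass = mysql_real_escape_string($posted['password'], $connection);
            $sql = "UPDATE `$dbusertable` SET username = '" . $sqlUser . "', password=MD5('" . $sqlPass . "'), domainname='" . $sqlDomain . "', admin=" . $adminFlag . " WHERE userid = " . $targetId . ";";
          }
          else
          {
            // Blank password fields mean "keep the current password".
            $sql = "UPDATE `$dbusertable` SET username = '" . $sqlUser . "', domainname='" . $sqlDomain . "', admin=" . $adminFlag . " WHERE userid = " . $targetId . ";";
          }
          @mysql($dbname, $sql) or die(db_error("query"));
          mysql_close($connection);
          $error = $lang['user_updated'];
        }
        else
        {
          $error = $lang['passwords_not_match'];
        }
      }
      else
      {
        // Any other action value creates a new user.
        $connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
        $sqlUser = mysql_real_escape_string($posted['username'], $connection);
        $sql = "SELECT * FROM `$dbusertable` WHERE username = '" . $sqlUser . "';";
        $result = @mysql($dbname, $sql) or die(db_error("query"));
        $exists = mysql_numrows($result);

        if($exists != 0)
        {
          $error = $lang['user_exists'];
        }
        elseif($posted['password'] === $posted['vpassword'] && $posted['password'] !== '')
        {
          // Two defects fixed here: the original condition used || and so
          // accepted mismatched passwords, and the INSERT hashed the literal
          // string 'password', giving every new account the same credential.
          $sqlPass = mysql_real_escape_string($posted['password'], $connection);
          $sqlDomain = mysql_real_escape_string($posted['domainname'], $connection);
          $sql = "INSERT INTO `$dbusertable` VALUES ('','" . $sqlUser . "', MD5('" . $sqlPass . "'),'" . $sqlDomain . "', " . $adminFlag . ")";
          @mysql($dbname, $sql) or die(db_error("query"));
          $error = $lang['user_added'];
        }
        else
        {
          $error = $lang['passwords_not_match'];
        }
        mysql_close($connection);
      }
    }
  }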

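  // Loads the user named by ?userid= so the form below can be pre-filled.
  if(isset($_GET['userid']))
  {
    $connection = @mysql_connect($dbhost, $dbusername, $dbpassword) or die(db_error("connection"));
    // userid is placed unquoted in the WHERE clause, so it is reduced to an
    // integer first. The original concatenated the raw query-string value.
    $lookupId = is_string($_GET['userid']) ? intval($_GET['userid']) : 0;
    $sql = "SELECT * FROM `$dbusertable` WHERE userid=" . $lookupId . ";";
    $result = @mysql($dbname, $sql) or die(db_error("query"));
    $row = mysql_fetch_array($result);
    mysql_close($connection);
    // mysql_fetch_array() returns false when no row matches. In that case the
    // form variables stay unset and the page renders as "add user".
    if($row)
    {
      // Quoted keys: the bare words userid, username, ... were being resolved
      // as undefined constants.
      $userid = $row['userid'];
      $username = $row['username'];
      $domainname = $row['domainname'];
      $adminpriv = $row['admin'];
    }
  }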
?>
<html>
<head>
<title><?php echo $lang['user_administration']; ?></title>
<link rel="stylesheet"                  href="style.css">
<meta http-equiv="pragma"               content="no-cache">
<meta http-equiv="content-type"         content="text/html; charset=iso-8859-1">
</head>

<body>

<div align="center">

<?php
  // Print the status or validation message chosen by the form handler, if one
  // was set. Every value assigned to $error in this file is a $lang entry.
  if(isset($error))
  {
    print "<b>" . $error . "</b><br><br>\n";
  }
?>

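<?php
  // Stored user fields are echoed into HTML attribute values below, so they
  // are escaped for that context regardless of what check() accepted when they
  // were saved. The charset is given explicitly to match the page's declared
  // iso-8859-1, because htmlspecialchars() returns an empty string for bytes
  // that are invalid in the charset it assumes.
  $formUsername = isset($username) ? htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1') : '';
  $formDomain = isset($domainname) ? htmlspecialchars($domainname, ENT_QUOTES, 'ISO-8859-1') : '';
  // $adminpriv is only set when an existing user was loaded; default to "no".
  $formIsAdmin = !empty($adminpriv);
?>
<table border="0" cellpadding="4" cellspacing="1" bgcolor="black">
  <form method="post" action="admin_useredit.php">
    <tr>
      <td align="center" class="highlightwhite"><?php echo $lang['user_administration']; ?></td>
    </tr>
    <tr>
      <td bgcolor="white">
        <table border="0" cellpadding="4" cellspacing="0">
          <tr>
            <td class="highlight"><?php echo $lang['username']; ?>:</td>
            <td><input type="text" name="username" class="norm" size="20" maxlength="25" value="<?php echo $formUsername; ?>"></td>
          </tr>
          <tr>
            <td class="highlight"><?php echo $lang['password']; ?>:</td>
            <td><input type="password" name="password" class="norm" size="20" maxlength="25"></td>
          </tr>
          <tr>
            <td class="highlight"><?php echo $lang['verify_password']; ?>:</td>
            <td><input type="password" name="vpassword" class="norm" size="20" maxlength="25"></td>
          </tr>
          <tr>
            <td class="highlight"><?php echo $lang['domain_name']; ?>:</td>
            <td><input type="text" name="domainname" class="norm" size="20" maxlength="60" value="<?php echo $formDomain; ?>"> (* <i><?php echo $lang['for_all']; ?></i>)</td>
          </tr>
          <tr>
            <td class="highlight"><?php echo $lang['admin_privileges']; ?>:</td>
            <td>
              <input type="radio" name="adminpriv" value="1"<?php if($formIsAdmin) echo " checked"; ?>> <?php echo $lang['yes']; ?>
              <input type="radio" name="adminpriv" value="0"<?php if(!$formIsAdmin) echo " checked"; ?>> <?php echo $lang['no']; ?>
            </td>
          </tr>
        </table>
      </td>
    </tr>
    <tr bgcolor="white">
      <td align="center">
<?php
  // An existing user was loaded: offer "update" and carry the id back as an
  // integer. Otherwise offer "save" for a new user.
  if(isset($userid))
  {
?>
        <input type="submit" name="action" value="<?php echo $lang['update_user']; ?>" class="norm">
        <input type="hidden" name="userid" value="<?php echo intval($userid); ?>">
<?php
  }
  else
  {
?>
         <input type="submit" name="action" value="<?php echo $lang['save_user']; ?>" class="norm">
<?php
  }
?>
         <input type="reset" value="<?php echo $lang['reset']; ?>" class="norm">
         <input type="button" value="<?php echo $lang['cancel']; ?>" class="norm" onclick="location.href='admin.php';">
       </td>
     </tr>
   </form>
  </table>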

<?php /* display_info() is not defined in this file; presumably it comes from functions.php. */ display_info(); ?>

</body>
</html>