<?php
// admin functions
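/**
 * Compare the installed script version against the latest published one.
 *
 * Fetches a single integer from the vendor's update URL and compares it with
 * $config["versionint"]. The return value is a status line for display only.
 *
 * NOTE(review): the fetch is over plain http:// and the body is not
 * authenticated, so the message could be altered on the network — treat it
 * as advisory. A read timeout is applied so an unreachable host cannot stall
 * the admin page for the default socket timeout.
 *
 * @return string status message
 */
function versioninfo(){
    global $config;
    // bound the remote read; without a context file() waits for the default socket timeout
    $ctx = stream_context_create(array("http" => array("timeout" => 5)));
    // @ keeps the fopen warning out of the page; failure is reported through the return value
    $result = @file("http://ping.particlesoft.net/getlatest/particlegallery.txt", 0, $ctx);
    if (!$result){
        return "Unable to get version information";
    }
    // first line of the response is the published version number
    $version = intval($result[0]);
    $tversion = intval($config["versionint"]);
    if ($version > $tversion){
        return "There is a newer version of the script available";
    }
    if ($version == $tversion){
        return "You are running the latest version";
    }
    return "You appear to be running an unreleased version";
}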
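/**
 * Save posted configuration values to the config table.
 *
 * Every config row whose config_help is non-empty is rewritten from the
 * $_POST key of the same name (a missing key stores an empty string), then
 * the cache is cleared because the settings changed.
 *
 * NOTE(review): the only authorisation here is the $usr->Access level; no
 * CSRF token is verified in this function, so confirm the admin form or the
 * caller does that before the POST reaches here.
 *
 * @return string status message; "Admin only!" when the caller is not an admin
 */
function updateconfig(){
    global $db, $dbprefix, $usr;
    if ($usr->Access < 3){ return "Admin only!"; }
    $sql = "SELECT * FROM " . $dbprefix . "config WHERE config_help <> ''";
    $rec = $db->execute($sql);
    // guard the do/while: with no editable rows the body would read $rec->fields before any row was loaded
    if ($rec->rows > 0){
        do {
            $name = $rec->fields["config_name"];
            // an absent form field is stored as empty rather than read as an undefined index
            $value = isset($_POST[$name]) ? $_POST[$name] : "";
            // dbSecure() (project helper, defined elsewhere) is applied to every value spliced into the string-built SQL
            $sql = "UPDATE " . $dbprefix . "config SET config_value = ";
            $sql .= "'" . dbSecure($value) . "' ";
            $sql .= " WHERE config_name = '" . dbSecure($name) . "'";
            $db->execute($sql);
        } while ($rec->loop());
    }
    // the settings changed, so anything cached from them is stale
    clearcache();
    return "Config updated successfully!";
}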
/**
 * Update an existing user's name, e-mail, password and access level.
 *
 * The password is only replaced when $password is non-empty and matches
 * $password2; otherwise the stored hash is kept. Level names map to the
 * numeric status column: admin=3, moderator=2, user=1, locked=0.
 *
 * NOTE(review): the new password is stored as unsalted md5(); the login path
 * presumably verifies against the same hash, so it is kept here and only
 * flagged. Unlike updateconfig(), no $usr->Access check is made in this
 * function — confirm the caller restricts it to admins, since it can set
 * any account to admin. The signature keeps the required $level after the
 * optional parameters, so callers have to pass all six arguments.
 *
 * @return string status message
 */
function edituser($userid, $username, $email = "", $password = "", $password2 = "", $level){
    global $db, $dbprefix;
    $userid = intval($userid);
    if ($username == ""){ return "No username entered"; }
    if ($level == ""){ return "No level selected"; }
    // the account must exist before anything else is validated
    $lookup = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
    $mem = $db->execute($lookup);
    if ($mem->rows < 1){ return "The user could not be found"; }
    // keep the stored hash unless a new password was supplied
    $nupassword = $mem->fields["password"];
    if ($password <> ""){
        if ($password <> $password2){ return "The passwords did not match"; }
        $nupassword = md5($password); // unsalted md5 — see NOTE(review) above
    }
    // level name -> status column (switch keeps the loose comparison of the if/elseif form)
    switch ($level){
        case "admin":
            $status = 3;
            break;
        case "moderator":
            $status = 2;
            break;
        case "user":
            $status = 1;
            break;
        case "locked":
            $status = 0;
            break;
        default:
            return "Unknown level";
    }
    // dbSecure() (project helper, defined elsewhere) is applied to every value spliced into the string-built SQL
    $update = sprintf(
        "UPDATE %susers SET username = '%s', password = '%s', email = '%s', status = %s WHERE userid = %s",
        $dbprefix,
        dbSecure($username),
        dbSecure($nupassword),
        dbSecure($email),
        dbSecure($status),
        $mem->fields["userid"]
    );
    $db->execute($update);
    return "User updated successfully!";
}
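/**
 * Delete a user account and remove, or re-own, the rows that reference it.
 *
 * Reports and votes by the user are always removed. Comments and images are
 * removed when $comments / $images is the string "true"; otherwise they are
 * re-assigned to userid 0. Images are removed one at a time through
 * deleteimage(), presumably so its per-image cleanup also runs.
 *
 * NOTE(review): the only authorisation applied here is the self-delete check
 * against $_SESSION["userid"]; there is no $usr->Access check like
 * updateconfig() has — confirm the caller restricts this to admins. Also,
 * userid 0 passes the validation while being the id re-owned rows are given;
 * confirm no real account uses it.
 *
 * @param mixed $userid   id of the account to delete (cast with intval)
 * @param mixed $images   "true" to delete the user's images, anything else re-owns them
 * @param mixed $comments "true" to delete the user's comments, anything else re-owns them
 * @return string status message
 */
function deleteuser($userid, $images, $comments){
    global $db, $dbprefix;
    $userid = intval($userid);
    if ($userid < 0){ return "Invalid user ID"; }
    // refuse to remove the logged-in account; when the session holds no userid
    // the comparison falls back to 0, the same value intval(null) would give
    $self = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
    if ($userid == $self){
        return "For security reasons, you cannot delete yourself";
    }
    // dbSecure() (project helper, defined elsewhere) is applied to the id in every string-built statement below
    $sql = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
    $mem = $db->execute($sql);
    if ($mem->rows < 1){ return "The user could not be found"; }
    // reports and votes are always dropped with the user
    $db->execute("DELETE FROM " . $dbprefix . "reported WHERE userid = " . dbSecure($userid));
    $db->execute("DELETE FROM " . $dbprefix . "votes WHERE userid = " . dbSecure($userid));
    // comments: delete, or re-own to userid 0
    if ($comments == "true"){
        $sql = "DELETE FROM " . $dbprefix . "comments WHERE userid = " . dbSecure($userid);
    } else {
        $sql = "UPDATE " . $dbprefix . "comments SET userid = 0 WHERE userid = " . dbSecure($userid);
    }
    $db->execute($sql);
    // images: delete each through deleteimage(), or re-own to userid 0
    if ($images == "true"){
        $img = $db->execute("SELECT * FROM " . $dbprefix . "images WHERE userid = " . dbSecure($userid));
        // rows check guards the do/while against an empty result
        if ($img->rows > 0){
            do {
                deleteimage($img->fields["imageid"], "delete");
            } while ($img->loop());
        }
    } else {
        $db->execute("UPDATE " . $dbprefix . "images SET userid = 0 WHERE userid = " . dbSecure($userid));
    }
    // dependent rows are gone or re-owned, so the account row itself can go
    $db->execute("DELETE FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid));
    return "User deleted successfully!";
}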
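/**
 * Create a new user account after validating the submitted fields.
 *
 * All five fields are required, the two passwords must match, the level name
 * must be one of admin/moderator/user/locked (stored as 3/2/1/0), and the
 * username and e-mail must not already be in the users table.
 *
 * NOTE(review): the password is stored as unsalted md5(); the login path
 * presumably verifies against the same hash, so it is kept here and only
 * flagged. No $usr->Access check is made in this function (updateconfig()
 * has one) — confirm the caller restricts it to admins, since it can create
 * admin accounts.
 *
 * @return string status message
 */
function createuser($username, $email, $password, $password2, $level){
    global $db, $dbprefix;
    if ($username == ""){ return "You did not enter a username"; }
    if ($password == ""){ return "You did not enter a password"; }
    if ($password2 == ""){ return "You did not confirm your password"; }
    if ($email == ""){ return "You did not enter an email address"; }
    if ($level == ""){ return "You did not select a level"; }
    // compare the arguments this function received, not the raw $_POST fields,
    // so the check holds whatever the caller passed in
    if ($password <> $password2){ return "The passwords did not match"; }
    // level name -> numeric status column; unknown names are rejected
    $levelMap = array("admin" => 3, "moderator" => 2, "user" => 1, "locked" => 0);
    if (!isset($levelMap[$level])){ return "Unknown level"; }
    $status = $levelMap[$level];
    // uniqueness checks; the username lookup must use the $username argument
    // (a bare `username` here is read as the literal string, so the check never matched)
    // dbSecure() (project helper, defined elsewhere) is applied to every value spliced into the string-built SQL
    $sql = "SELECT * FROM " . $dbprefix . "users WHERE username = '" . dbSecure($username) . "'";
    $chk = $db->execute($sql);
    if ($chk->rows > 0){ return "This username has already been taken"; }
    $sql = "SELECT * FROM " . $dbprefix . "users WHERE email = '" . dbSecure($email) . "'";
    $chk = $db->execute($sql);
    if ($chk->rows > 0){ return "This email address is already in use"; }
    // REMOTE_ADDR is absent outside a web request (e.g. CLI); store an empty string then
    $ipaddress = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
    $sql = "INSERT INTO " . $dbprefix . "users (username, password, email, ipaddress, status, joindate) VALUES (";
    $sql .= "'" . dbSecure($username) . "', ";
    $sql .= "'" . dbSecure(md5($password)) . "', "; // unsalted md5 — see NOTE(review) above
    $sql .= "'" . dbSecure($email) . "', ";
    $sql .= "'" . dbSecure($ipaddress) . "', ";
    $sql .= dbSecure($status) . ", ";
    $sql .= time() . ")"; // joindate is stored as a unix timestamp
    $db->execute($sql);
    return "User created successfully!";
}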
?>