<?php
// admin functions
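/**
 * Compare the installed version against the latest release number published
 * by the vendor's ping host.
 *
 * Reads the global $config["versionint"] (missing/non-numeric counts as 0).
 * Returns a human-readable status sentence; never throws.
 */
function versioninfo(){
	global $config;
	
	// The reply travels over plain HTTP with no integrity check, so it is only
	// ever reduced to an integer (intval below) and never echoed or executed.
	// The stream context bounds the connect/read time so an unreachable or slow
	// host cannot hang the admin page (the original fetch had no timeout).
	$url = "http://ping.particlesoft.net/getlatest/particlegallery.txt";
	$ctx = stream_context_create(array("http" => array("timeout" => 5)));
	
	// @ is kept deliberately: a failed fetch is an expected condition that is
	// reported through the return text, not by a warning in the page output.
	$result = @file($url, FILE_IGNORE_NEW_LINES, $ctx);
	if ($result === false || count($result) < 1){
		return "Unable to get version information";
	}
	
	// Both sides are coerced to int so a malformed reply can only be "wrong", not harmful.
	$version  = intval($result[0]);
	$tversion = isset($config["versionint"]) ? intval($config["versionint"]) : 0;
	
	if ($version > $tversion){
		return "There is a newer version of the script available";
	}
	if ($version == $tversion){
		return "You are running the latest version";
	}
	return "You appear to be running an unreleased version";
}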

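/**
 * Store the posted admin-form values into the config table.
 *
 * Uses the globals $db (query object), $dbprefix (table prefix) and $usr
 * (current user; $usr->Access is the permission level).
 * Returns a status sentence: "Admin only!" when the caller is not a full
 * admin, otherwise "Config updated successfully!".
 */
function updateconfig(){
	global $db, $dbprefix, $usr;
	
	// Only full admins (Access >= 3) may rewrite the configuration table.
	if ($usr->Access < 3){ return "Admin only!"; }
	
	// Only settings that carry help text are exposed on the admin form, so only
	// those rows are rewritten from $_POST.
	$sql = "SELECT * FROM " . $dbprefix . "config WHERE config_help <> ''";
	$rec = $db->execute($sql);
	
	// Guard the do/while: without this the body ran once even on an empty result.
	if ($rec->rows > 0){
		do {
			$name = $rec->fields["config_name"];
			// A field absent from the POST (e.g. an unchecked checkbox) is stored
			// as an empty value, as before, but without an undefined-index notice.
			$value = isset($_POST[$name]) ? $_POST[$name] : "";
			
			// dbSecure() is the project's escaping helper; both the setting name
			// and the untrusted POST value pass through it before reaching the SQL.
			$sql  = "UPDATE " . $dbprefix . "config SET config_value = ";
			$sql .= "'" . dbSecure($value) . "' ";
			$sql .= " WHERE config_name = '" . dbSecure($name) . "'";
			$db->execute($sql);
		} while ($rec->loop());
	}
	
	// due to changes, clear cache
	clearcache();
	
	// and return
	return "Config updated successfully!";
}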

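/**
 * Update an existing user's name, email, password and access level.
 *
 * @param int|string $userid     row id (coerced with intval)
 * @param string     $username   new username; empty string is rejected
 * @param string     $email      new email; no format validation is performed
 * @param string     $password   new password, or "" to keep the current hash
 * @param string     $password2  confirmation, only checked when $password is set
 * @param string     $level      one of admin|moderator|user|locked
 *
 * Returns a status sentence (error text or "User updated successfully!").
 * $level now defaults to "" so that optional parameters no longer precede a
 * required one (deprecated in PHP 8); an empty level is still rejected below.
 * NOTE(review): unlike updateconfig() there is no $usr->Access check here —
 * presumably enforced by the caller; confirm before exposing this entry point.
 */
function edituser($userid, $username, $email = "", $password = "", $password2 = "", $level = ""){
	global $db, $dbprefix;
	
	// standard validation
	$userid = intval($userid);
	if ($username == ""){ return "No username entered"; }
	if ($level == ""){ return "No level selected"; }
	
	// Resolve the level name to its numeric status before any query, so an
	// unknown level costs no database round trip. Same table as createuser().
	$levels = array("admin" => 3, "moderator" => 2, "user" => 1, "locked" => 0);
	if (!isset($levels[$level])){ return "Unknown level"; }
	$status = $levels[$level];
	
	// find user
	$sql = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
	$mem = $db->execute($sql);
	if ($mem->rows < 1){ return "The user could not be found"; }
	
	// password change?
	if ($password != ""){
		if ($password != $password2){ return "The passwords did not match"; }
		// SECURITY: unsalted md5 is not an acceptable password hash. It is kept
		// only because the login path (not in this file) verifies against it;
		// migrate both sides together to password_hash()/password_verify().
		$nupassword = md5($password);
	} else {
		$nupassword = $mem->fields["password"];
	}
	
	// and run the update
	$sql  = "UPDATE " . $dbprefix . "users SET ";
	$sql .= "username = '" . dbSecure($username) . "', ";
	$sql .= "password = '" . dbSecure($nupassword) . "', ";
	$sql .= "email = '" . dbSecure($email) . "', ";
	$sql .= "status = " . dbSecure($status) . " ";
	// The id comes back from the row we just read; intval keeps it a bare integer.
	$sql .= "WHERE userid = " . intval($mem->fields["userid"]);
	$db->execute($sql);
	
	// and return
	return "User updated successfully!";
}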

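/**
 * Delete a user account and cascade or reassign the content it owns.
 *
 * @param int|string $userid    row id (coerced with intval)
 * @param string     $images    "true" deletes the user's images via deleteimage(),
 *                              anything else reassigns them to userid 0
 * @param string     $comments  "true" deletes the user's comments,
 *                              anything else reassigns them to userid 0
 *
 * Image reports and votes by the user are always deleted.
 * Returns a status sentence (error text or "User deleted successfully!").
 * NOTE(review): no $usr->Access check here (cf. updateconfig()) — presumably
 * enforced by the caller; confirm before exposing this entry point.
 */
function deleteuser($userid, $images, $comments){
	global $db, $dbprefix;
	
	// standard validation
	$userid = intval($userid);
	// userid 0 is the sentinel that orphaned comments/images are reassigned to
	// below, so it is never a deletable account; intval() also maps garbage to 0,
	// which the original "< 0" test let through.
	if ($userid < 1){ return "Invalid user ID"; }
	
	// check for self delete (no session => no match, instead of a notice)
	$selfid = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
	if ($userid == $selfid){
		return "For security reasons, you cannot delete yourself";
	}
	
	// validate the user
	$sql = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
	$mem = $db->execute($sql);
	if ($mem->rows < 1){ return "The user could not be found"; }
	
	// delete the image reports
	$sql = "DELETE FROM " . $dbprefix . "reported WHERE userid = " . dbSecure($userid);
	$db->execute($sql);
	
	// delete votes
	$sql = "DELETE FROM " . $dbprefix . "votes WHERE userid = " . dbSecure($userid);
	$db->execute($sql);
	
	// delete or orphan comments
	if ($comments == "true"){
		$sql = "DELETE FROM " . $dbprefix . "comments WHERE userid = " . dbSecure($userid);
	} else {
		$sql = "UPDATE " . $dbprefix . "comments SET userid = 0 WHERE userid = " . dbSecure($userid);
	}
	$db->execute($sql);
	
	// delete or orphan images
	if ($images == "true"){
		$sql = "SELECT * FROM " . $dbprefix . "images WHERE userid = " . dbSecure($userid);
		$img = $db->execute($sql);
		if ($img->rows > 0){
			do {
				// deleteimage() is defined elsewhere; "delete" is the mode the
				// original passed for a hard removal.
				deleteimage($img->fields["imageid"], "delete");
			} while ($img->loop());
		}
	} else {
		$sql = "UPDATE " . $dbprefix . "images SET userid = 0 WHERE userid = " . dbSecure($userid);
		$db->execute($sql);
	}
	
	// finally, delete user
	$sql = "DELETE FROM " . $dbprefix . "users WHERE userid = " . dbSecure($userid);
	$db->execute($sql);
	
	// and return
	return "User deleted successfully!";
}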

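/**
 * Create a new user row from the supplied values.
 *
 * @param string $username   required; must not already exist
 * @param string $email      required; must not already be in use (no format check)
 * @param string $password   required
 * @param string $password2  confirmation; must equal $password
 * @param string $level      one of admin|moderator|user|locked
 *
 * Returns a status sentence (error text or "User created successfully!").
 * Fixes two defects of the original: the confirmation compared $_POST fields
 * instead of the arguments, and the duplicate-username query passed the bare
 * constant `username` (literal string "username", an Error on PHP 8) instead
 * of $username, so the uniqueness check never looked at the real name.
 * NOTE(review): no $usr->Access check here (cf. updateconfig()) — presumably
 * enforced by the caller; confirm before exposing this entry point.
 */
function createuser($username, $email, $password, $password2, $level){
	global $db, $dbprefix;
	
	// standard validation
	if ($username == ""){ return "You did not enter a username"; }
	if ($password == ""){ return "You did not enter a password"; }
	if ($password2 == ""){ return "You did not confirm your password"; }
	if ($email == ""){ return "You did not enter an email address"; }
	if ($level == ""){ return "You did not select a level"; }
	
	// check passwords against the arguments, not $_POST, so the function
	// behaves the same however the caller obtained the values
	if ($password != $password2){ return "The passwords did not match"; }
	
	// validate status: same level table as edituser()
	$levels = array("admin" => 3, "moderator" => 2, "user" => 1, "locked" => 0);
	if (!isset($levels[$level])){ return "Unknown level"; }
	$status = $levels[$level];
	
	// check for taken username
	$sql = "SELECT * FROM " . $dbprefix . "users WHERE username = '" . dbSecure($username) . "'";
	$chk = $db->execute($sql);
	if ($chk->rows > 0){ return "This username has already been taken"; }
	
	// check for taken email address
	$sql = "SELECT * FROM " . $dbprefix . "users WHERE email = '" . dbSecure($email) . "'";
	$chk = $db->execute($sql);
	if ($chk->rows > 0){ return "This email address is already in use"; }
	
	// REMOTE_ADDR is absent when not running under a web server (CLI, tests).
	$ipaddress = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
	
	// run the insert statement
	$sql = "INSERT INTO " . $dbprefix . "users (username, password, email, ipaddress, status, joindate) VALUES (";
	$sql .= "'" . dbSecure($username) . "', ";
	// SECURITY: unsalted md5 is not an acceptable password hash. It is kept
	// only because the login path (not in this file) verifies against it;
	// migrate both sides together to password_hash()/password_verify().
	$sql .= "'" . dbSecure(md5($password)) . "', ";
	$sql .= "'" . dbSecure($email) . "', ";
	$sql .= "'" . dbSecure($ipaddress) . "', ";
	$sql .= dbSecure($status) . ", ";
	$sql .= time() . ")";
	$db->execute($sql);
	
	// and return
	return "User created successfully!";
}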
?>