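<?php
/* Sample Members Admin Area (C) American Financing 2004-2005 */
/*
 * Delete a member record together with everything hanging off it:
 *   wsd_members   - the member row (keyed by username)
 *   wsd_contacts  - the member's contacts (address_id)
 *   wsd_files     - each contact's uploaded files, plus the file on disk
 *                   under $APP->upload_dir
 *
 * Flow: a request carrying ?username= (GET or POST) shows the record with a
 * Delete button; a POST with confirm=Delete and a valid session token performs
 * the delete and asks the opener window to reload.
 *
 * NOTE: this page uses the ext/mysql API (mysql_query etc.), which was removed
 * in PHP 7; porting it to PDO/mysqli is out of scope here.
 */
require '../init.php';
require '../mysqlvars.php';
require '../lib/db.php';
require '../lib/form_functions.php';
// NOTE(review): session_start() takes no name argument; this looks like it was
// meant to be session_name('ADMIN') followed by session_start() - confirm.
session_start('ADMIN');
require 'includes/secure_page.php';

$dbConn = connectDB($dbHost, $dbUser, $dbPass, $dbDB);
if (!$dbConn) {
    die('Cannot connect to database');
}

if (!isset($_GET['username']) && !isset($_POST['username'])) {
    die('Illegal navigation');
}
// GET takes precedence over POST (unchanged from the original page).
$username = isset($_GET['username']) ? stripData($_GET['username']) : stripData($_POST['username']);

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * @param mixed $value
 * @return string
 */
function dm_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Return the per-session anti-CSRF token for the Delete form, creating it on
 * first use. The token is dropped again after a successful delete so a stale
 * form cannot be replayed.
 *
 * @return string hex token
 */
function dm_csrf_token()
{
    if (empty($_SESSION['delete_member_token'])) {
        if (function_exists('random_bytes')) {
            $raw = random_bytes(16);
        } else {
            // PHP < 7 fallback: openssl is the only CSPRNG available there.
            $raw = openssl_random_pseudo_bytes(16);
        }
        $_SESSION['delete_member_token'] = bin2hex($raw);
    }
    return $_SESSION['delete_member_token'];
}

/**
 * Compare the expected token with the one posted by the form.
 *
 * @param string $expected
 * @param string $posted
 * @return bool
 */
function dm_token_matches($expected, $posted)
{
    if ($expected === '' || $posted === '') {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $posted);
    }
    return $expected === $posted;
}

$error = null;
$confirm = null;
$found = false;
$email = '';
$registered_on = '';
$last_logged_on = '';

// mysql_real_escape_string is connection/charset aware, unlike addslashes().
$escUser = mysql_real_escape_string($username, $dbConn);

// Only a POST carrying confirm=Delete AND a valid session token deletes; a
// confirm without a valid token falls through to the normal record lookup so
// the admin can retry from a freshly issued form.
$doDelete = false;
if (isset($_POST['confirm'])) {
    $postedToken = isset($_POST['token']) ? (string) $_POST['token'] : '';
    if (dm_token_matches(dm_csrf_token(), $postedToken)) {
        $doDelete = true;
    } else {
        $error = 'Invalid or expired form token - please reload the page and try again';
    }
}

if ($doDelete) {
    // 1. Every contact of the member, each with its stored files.
    $contacts = mysql_query("SELECT address_id FROM wsd_contacts WHERE username = '$escUser'", $dbConn);
    if ($contacts) {
        // Distinct row variables for the outer (contacts) and inner (files)
        // result sets so neither loop clobbers the other's cursor row.
        while ($crow = mysql_fetch_array($contacts)) {
            $address_id = $crow[0];
            $escAddr = mysql_real_escape_string($address_id, $dbConn);
            $files = mysql_query("SELECT file_id, ftype FROM wsd_files WHERE address_id = '$escAddr'", $dbConn);
            if ($files) {
                while ($frow = mysql_fetch_array($files)) {
                    // basename() keeps the unlink inside upload_dir even if a
                    // stored file_id/ftype were ever malformed.
                    $fl = basename($frow['file_id'] . '.' . $frow['ftype']);
                    $path = $APP->upload_dir . $fl;
                    if (file_exists($path)) {
                        unlink($path);
                    }
                    $escFile = mysql_real_escape_string($frow['file_id'], $dbConn);
                    mysql_query("DELETE FROM wsd_files WHERE file_id = '$escFile'", $dbConn);
                }
            }
            mysql_query("DELETE FROM wsd_contacts WHERE address_id = '$escAddr'", $dbConn);
        }
    }
    // 2. The member row itself.
    if (mysql_query("DELETE FROM wsd_members WHERE username = '$escUser'", $dbConn)) { ?>
<SCRIPT LANGUAGE="JavaScript">
<!--
if (window.opener) {
if (!window.opener.closed) {
window.opener.location.reload(1);
window.close();
}
}
//-->
</SCRIPT>
<?php   $confirm = 'Record deleted';
        $found = false;
        // One-shot token: a resubmitted form must not delete again.
        unset($_SESSION['delete_member_token']);
    } else {
        $error = mysql_error($dbConn);
    }
} else {
    // Look the member up and show the confirmation form.
    $query = "SELECT username, email, DATE_FORMAT(registered_on, '%M %d %Y') as registered_on,"
           . "DATE_FORMAT(last_logged_on, '%M %d %Y %H:%i') as last_logged_on "
           . "FROM wsd_members WHERE username = '$escUser'";
    $result = mysql_query($query, $dbConn);
    if ($result) {
        if ($mrow = mysql_fetch_array($result)) {
            $found = true;
            $email = $mrow['email'];
            $registered_on = $mrow['registered_on'];
            $last_logged_on = $mrow['last_logged_on'];
        } else {
            $error = 'Record not found';
        }
    } else {
        $error = mysql_error($dbConn);
    }
}
?>
<html>
<head>
<title>Delete Members</title>
<META HTTP-EQUIV="PRAGMA" CONTENT="NOCACHE">
<link rel="stylesheet" href="styles/fgp.css" type="text/css">
</head>
<body>
<table class="bg">
<tr>
<td>
<table class="fg">
<tr>
<td class="title">Delete Members</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
Warning: Deleting a contact is irreversible and will remove all related records and stored files
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
<?php /* every dynamic value below is HTML-escaped; $error may carry a raw DB message */ ?>
<?php if (isset($confirm)) { echo '<tr><td class="bold">' . dm_html($confirm) . '</td></tr>'; } ?>
<?php if (isset($error)) { echo '<tr><td class="error">' . dm_html($error) . '</td></tr>'; } ?>
</table>
</td>
</tr>
<tr>
<td>
<?php if ($found) { ?>
<table class="fg">
<form method="POST" action="<?php echo dm_html($_SERVER['PHP_SELF']) ?>">
<tr><td class="label"> </td><td class="field"><input type="hidden" name="username" value="<?php echo dm_html($username) ?>"><input type="hidden" name="token" value="<?php echo dm_html(dm_csrf_token()) ?>"></td></tr>
<tr>
<td class="label">Username:</td>
<td class="field"><?php echo dm_html($username) ?></td>
</tr>
<tr>
<td class="label">Email:</td>
<td class="field"><?php echo dm_html($email) ?></td>
</tr>
<tr>
<td class="label">Registered on:</td>
<td class="field"><?php echo dm_html($registered_on) ?></td>
</tr>
<tr>
<td class="label">Last logged on:</td>
<td class="field"><?php echo dm_html($last_logged_on) ?></td>
</tr>
<tr><td class="label"> </td><td class="field"><input type="Submit" name="confirm" value="Delete"></td></tr>
</form>
</table>
<?php } ?>
</td>
</tr>
</table>
</body>
</html>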