<?php 
/*    
 *    Copyright (c) 2010 VidiScript
 *
 *    This file is part of VidiScript.
 *
 *    VidiScript is free software: you can redistribute it and/or modify
 *    it under the terms of the GNU General Public License as published by
 *    the Free Software Foundation, either version 3 of the License, or
 *    (at your option) any later version.
 *
 *    VidiScript is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with VidiScript.  If not, see <http://www.gnu.org/licenses/>.
 *
 *    File Name: users.inc
 *    Description: Admin options for managing users
 *    $Date: 2010-02-21 23:16:57 +0000 (Sun, 21 Feb 2010) $
 *    $Revision: 12 $
 */
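/*
 * Admin user management. This file is included by the admin index page and
 * communicates with its template through plain variables:
 *   - list view:   $pageLinks, $userList, $counter
 *   - delete view: $delMessage
 *   - edit view:   $editUser, $editUsername, $editEmail, $editPrivs,
 *                  $editKey, $editip, $editban
 *   - after save:  $message
 * Requires in scope: $db (query/fetch/fetchAll/numRows), quote_smart()
 * (used throughout as the SQL string-escaping helper, always with the
 * surrounding quotes added here), getEmail() and getSetting().
 *
 * All request values are untrusted: anything that reaches SQL goes through
 * quote_smart() inside quotes, anything echoed back goes through
 * htmlspecialchars(), and the address handed to mail() is validated first.
 */
$search = isset($_POST['search']) ? $_POST['search'] : '' ;
$emailsearch = isset($_POST['emailsearch']) ? $_POST['emailsearch'] : '' ;

/* Save an edited user (form posts back to ?edit=<id>) */
if (isset($_POST['submit']) && isset($_GET['edit'])) {
	$editId = quote_smart($_GET['edit']) ;
	// filter_var() returns the address or false; a false value means the
	// address is never written to the database or passed to mail().
	$newEmail = isset($_POST['email']) ? filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL) : false ;
	$newPrivs = isset($_POST['privs']) ? (int) $_POST['privs'] : 0 ;
	$banIp = isset($_POST['banip']) ? quote_smart($_POST['banip']) : '' ;
	$contactEmail = getSetting("contact_email", $db) ;
	// Built once for both notification mails (the old copy had a stray '>'
	// after the From address).
	$headers = "From: \"".getSetting('default_from', $db)."\" <".$contactEmail.">\r\n"."Reply-To: ".$contactEmail."\r\n"."X-Mailer: PHP/".phpversion() ;

	$message = "The user was edited successfully" ;
	if ($newEmail !== false) {
		$db->query("UPDATE `member` SET `email` = '".quote_smart($newEmail)."' WHERE `id` = '".$editId."'") ;
	}
	else {
		$message .= " (the email address was not changed because it is not valid)" ;
	}
	$db->query("UPDATE `member` SET `privs` = '".$newPrivs."' WHERE `id` = '".$editId."'") ;

	// Manual activation: clear the key and tell the user, when we have a
	// usable address to send to.
	if (isset($_POST['active'])) {
		$db->query("UPDATE `member` SET `activationkey` = '0' WHERE `id` = '".$editId."'") ;
		if ($newEmail !== false) {
			$msg = getEmail("admin_acc_act") ;
			$msg = str_replace("[USERNAME]", isset($_POST['uname']) ? $_POST['uname'] : '', $msg) ;
			$msg = str_replace("[SITENAME]", getSetting("sitename", $db), $msg) ;
			mail($newEmail, 'Account Activation', $msg, $headers) ;
		}
	}

	// A ban only applies to ordinary users (privs < 2). The member flag and
	// the ban table row for the IP are kept in step in both directions.
	if (isset($_POST['ban']) && $_POST['ban'] == "on" && $newPrivs < 2) {
		$db->query("UPDATE `member` SET `banned`=TRUE WHERE `id` = '".$editId."'") ;
		if ($banIp !== '') {
			$db->query("SELECT ip FROM ban WHERE ip='".$banIp."'") ;
			if ($db->numRows() < 1) {
				$db->query("INSERT INTO ban (ip) VALUES ('".$banIp."')") ;
			}
		}
	}
	else {
		$db->query("UPDATE `member` SET `banned`=FALSE WHERE `id` = '".$editId."'") ;
		if ($banIp !== '') {
			$db->query("DELETE FROM ban WHERE ip='".$banIp."'") ;
		}
	}

	// Password reset: generate a new 8-character password, store it and
	// mail it to the address on record (not the one just posted).
	if (isset($_POST['reset'])) {
		$db->query("SELECT * FROM `member` WHERE `id` = '".$editId."'") ;
		$res = $db->fetch() ;
		if ($res) {
			// random_bytes() is used where available (PHP 7+); the fallback
			// keeps the original format but asks uniqid() for extra entropy.
			// NOTE(review): the stored value is an unsalted md5 because the
			// login check that reads `password` lives outside this file.
			$newpass = function_exists('random_bytes')
				? bin2hex(random_bytes(4))
				: substr(md5(uniqid(rand(), true)), -8) ;
			$db->query("UPDATE member SET password = '".md5($newpass)."' WHERE id = '".$editId."'") ;
			$msg = getEmail("email_forgot") ;
			$msg = str_replace("[USERNAME]", $res['username'], $msg) ;
			$msg = str_replace("[PASSWORD]", $newpass, $msg) ;
			$msg = str_replace("[SITENAME]", getSetting("sitename", $db), $msg) ;
			mail($res['email'], 'Password reset', $msg, $headers) ;
			$message = "The user's password was reset and an email containing it has been sent to ".htmlspecialchars($res['email'], ENT_QUOTES, 'UTF-8')."." ;
		}
		else {
			$message = "The user could not be found, so no password was reset." ;
		}
	}
	unset($_GET['edit']) ;
}

if (!isset($_GET['edit'])) {
	// The current admin page id is echoed into every link below.
	$pageId = isset($_GET['id']) ? htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8') : '' ;

	if (!isset($_GET['del'])) { //Display

		/* Paging */
		$db->query("SELECT * FROM `member` ORDER BY `id`") ;
		$totalvids = $db->numRows() ;
		$page = isset($_GET['p']) ? max(1, intval($_GET['p'])) : 1 ;
		// admin_perpage is a stored setting; clamp it so a blank or zero
		// value can neither divide by zero nor produce an unbounded LIMIT.
		$perpage = max(1, (int) getSetting("admin_perpage", $db)) ;
		$pages = (int) ceil($totalvids / $perpage) ;

		//Page formatting: a window of up to 10 page numbers around $page,
		//with "1 ..." / "... N" jumps when the list is longer than that.
		$pageLinks = "<div id='pageLinks'>Pages: " ;
		if ($pages > 10 && $page > 6)
			$pageLinks .= "<a href='?id=105'>1</a> ... " ;
		$p = 1 ;
		$stopat = ($pages <= 10) ? $pages : 10 ;
		if ($pages > 10 && $page > 5) {
			$p = $page - 5 ;
			$stopat = min($page + 5, $pages) ;
		}
		for (; $p <= $stopat; $p++) {
			if ($p == $page)
				$pageLinks .= "<em>$p</em> " ;
			else
				$pageLinks .= "<a href='?id=105&p=$p'>$p</a> " ;
		}
		if ($pages > 10)
			$pageLinks .= "... <a href='?id=105&p=$pages'>$pages</a>" ;
		$pageLinks .= "</div>" ;
		$limitstart = ($page - 1) * $perpage ;

		/* Search (posted from the list form). The term is escaped for the SQL
		 * string and, before that, for LIKE so a typed '%' or '_' matches
		 * literally instead of acting as a wildcard. */
		$searchstring = "" ;
		if ($search != '') {
			$searchstring = " WHERE `username` LIKE '%".quote_smart(addcslashes($search, '%_'))."%'" ;
		}
		else if ($emailsearch != '') {
			$searchstring = " WHERE `email` LIKE '%".quote_smart(addcslashes($emailsearch, '%_'))."%'" ;
		}
		$db->query("SELECT * FROM `member`".$searchstring." ORDER BY `id` LIMIT $limitstart,$perpage") ;
		$result = $db->fetchAll() ;
		$counter = $db->numRows() ;

		/* One table row per member; every database value is HTML-escaped
		 * because usernames, emails and IPs are user-supplied. */
		$userList = "" ;
		if ($counter > 0) {
			foreach ($result as $row) {
				$utype = ($row['privs'] == 7) ? "admin" : "user" ;
				$act = ($row['activationkey'] == '0') ? 'yes' : 'no' ;
				$ban = ($row['banned'] == '0') ? "no" : "yes" ;
				$rowId = htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8') ;
				$userList .= "<tr><th>".$rowId."</th>"
					."<td><input style='width:120px' type='text' value='".htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')."' /></td>"
					."<td><input style='width:120px' type='text' value ='".htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8')."' /></td> "
					."<td>".htmlspecialchars($row['ip'], ENT_QUOTES, 'UTF-8')."</td> <td>$utype</td>"
					."<td><a href=\"index.php?id=".$pageId."&del=".$rowId."\"><img border=\"0\" src=\"images/drop.gif\" width=\"13\" height=\"13\" alt=\"Delete\"></a></td>"
					."<td><a href=\"index.php?id=".$pageId."&edit=".$rowId."\"><img border=\"0\" src=\"images/edit.gif\" width=\"13\" height=\"13\" alt=\"Edit\"></a></td>"
					."<td align=center>".$act."</td><td align=center>".$ban."</td></tr>" ;
			}
		}
	}
	else { //Delete
		$delId = htmlspecialchars($_GET['del'], ENT_QUOTES, 'UTF-8') ;
		// NOTE(review): confirmation is a plain GET link, so it does not
		// protect against a forged request; a POST form with a per-session
		// token would, but no token helper is visible from this file.
		if (!isset($_GET['do'])) { //Confirm
			$delMessage = 'Do you really want to delete this user? <br /><br />
				<a href="index.php?id='.$pageId.'&del='.$delId.'&do=true">Yes</a>
					&nbsp;<a href="index.php?id='.$pageId.'">No</a>' ;
		}
		else if ($_GET['do'] == 'true') { //Do delete
			$db->query("DELETE FROM `member` WHERE id = '".quote_smart($_GET['del'])."'") ;
			$delMessage = 'The user was deleted successfully. <a href="index.php?id='.$pageId.'">Go back</a>' ;
		}
	}
}
else { //Edit
	$editUser = true ;
	// Uses the same $db wrapper as the rest of the file; the raw mysql_query()
	// path it replaces died with mysql_error() text on the admin page.
	$db->query("SELECT * FROM `member` WHERE `id` = '".quote_smart($_GET['edit'])."'") ;
	$row = $db->fetch() ;
	if ($row) {
		// These are raw database values; the template that prints them into
		// the edit form is responsible for HTML-escaping them (not visible here).
		$editUsername = $row['username'] ;
		$editEmail = $row['email'] ;
		$editPrivs = $row['privs'] ;
		$editKey = $row['activationkey'] ;
		$editip = $row['ip'] ;
		$editban = $row['banned'] == 1 ? 'CHECKED' : '' ;
	}
}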
?>