Contributions by Keith Gable This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. In addition to being restricted by the GNU General Public License, Essence Engine may not be sold, rented, sublicensed, or leased; you are not permitted to generate revenue with the Essence Engine source code. You may, however, use Essence Engine to run a website that generates revenue via other means. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA $Id$ */

// Users Manager
// Add/edit/delete users
//
// Everything below is gated on $userinfo["editusers"] ($userinfo itself comes
// from mainheader.php).  "add" and "edit" share one POST handler; "delete"
// has its own branch further down.  The form markup that this handler feeds
// is not part of this listing.
$pagetitle = "Users Manager";
$skipspam = true; // Disable email address obfuscator
include("mainheader.php");
include("themeheader.php");

if ($userinfo["editusers"]) {
    // Add/edit user. Shares code due to similarity.
    if (($_GET["action"] == "add") || ($_GET["action"] == "edit")) {
        // NOTE(review): no anti-CSRF token is checked anywhere in this file
        // before the account is written -- confirm whether mainheader.php
        // does it; if not, the form needs a per-session token.
        if ($_POST["submitted"]) {
            // The raw POST array is also what the form is re-rendered from
            // when validation fails (the render below tests isset($moduser)).
            $moduser = $_POST;
            if ($_POST["username"] && $_POST["dispname"] && $_POST["email"]) {
                if ($_GET["action"] == "edit") {
                    // NOTE(review): mysql_escape_string() ignores the connection
                    // charset; mysql_real_escape_string() is the charset-aware
                    // call in the same extension, and bound parameters would
                    // remove the quoting question entirely.  Applies to every
                    // escape in this file.
                    $userquery = mysql_query("SELECT * FROM users WHERE username='". mysql_escape_string($_POST["username"]) . "'", $db);
                    $useredit = mysql_fetch_array($userquery);
                    // NOTE(review): $editok is not initialised on this path (the
                    // delete branch does `$editok = false;`); it only ever gets
                    // set to true here, so it works, but reset it for symmetry.
                    // Is the user an owner?
                    if ($userinfo["usertype"] >= 6) $editok = true;
                    // Is the target invulnerable?
                    elseif (!$useredit["invulnerable"]) $editok = true;
                    // Is it the user's account?
                    // BUG(review): $useredit was fetched WHERE username =
                    // $_POST["username"], so this comparison is true for every
                    // existing row and the "invulnerable" refusal above can
                    // never fire.  The GET lookups below compare the target
                    // against $userinfo["username"] (the logged-in admin); this
                    // line almost certainly meant to as well.  The POST path
                    // also lacks the usertype-rank check those GET lookups
                    // enforce, so the rank rule depends on the form not being
                    // replayed with another username.
                    elseif ($useredit["username"] == $_POST["username"]) $editok = true;
                    // If not, go away.
                    // NOTE(review): this is the only user-visible message built
                    // without safetext(); $errmsg is echoed through nl2br()
                    // below, so wrap $_POST["username"] like the sibling
                    // messages do.
                    else $errmsg = 'You are not allowed to edit the user "' . $_POST["username"] . '".';
                } elseif ($_GET["action"] == "add") {
                    if ($_POST["password"] && ($_POST["password"] === $_POST["passconfirm"])) $editok = true;
                    else $errmsg = "You must include a password.";
                }
                if ($editok) {
                    // $doquery is appended to before it is ever assigned; the
                    // first .= below works on an undefined variable.
                    $doquery .= "email='" . mysql_escape_string($_POST["email"]) . "'";
                    $doquery .= ", dispname='" . mysql_escape_string($_POST["dispname"]) . "'";
                    // postlogo is only written when non-empty, so an edit cannot
                    // clear an existing value.
                    if ($_POST["postlogo"]) $doquery .= ", postlogo='" . mysql_escape_string($_POST["postlogo"]) . "'";
                    if ($_POST["noemote"]) $doquery .= ", noemote='1'"; else $doquery .= ", noemote='0'";
                    if ($_POST["showhidden"]) $doquery .= ", showhidden='1'"; else $doquery .= ", showhidden='0'";
                    if ($_POST["hide"]) $doquery .= ", hide='1'"; else $doquery .= ", hide='0'";
                    if ($_POST["hidepriv"]) $doquery .= ", hidepriv='1'"; else $doquery .= ", hidepriv='0'";
                    if ($_POST["editpeer"]) $doquery .= ", editpeer='1'"; else $doquery .= ", editpeer='0'";
                    if ($_POST["editlinks"]) $doquery .= ", editlinks='1'"; else $doquery .= ", editlinks='0'";
                    if ($_POST["editemote"]) $doquery .= ", editemote='1'"; else $doquery .= ", editemote='0'";
                    if ($_POST["editforums"]) $doquery .= ", editforums='1'"; else $doquery .= ", editforums='0'";
                    // Owner status required to set these
                    if ($userinfo["usertype"] >= 6) {
                        // NOTE(review): usertype is escaped but never checked to be
                        // an integer; nothing here prevents a non-numeric value
                        // from being stored.
                        $doquery .= ", usertype='" . mysql_escape_string($_POST["usertype"]) . "'";
                        if ($_POST["editsite"]) $doquery .= ", editsite='1'"; else $doquery .= ", editsite='0'";
                        if ($_POST["invulnerable"]) $doquery .= ", invulnerable='1'"; else $doquery .= ", invulnerable='0'";
                        if ($_POST["editusers"]) $doquery .= ", editusers='1'"; else $doquery .= ", editusers='0'";
                        if ($_POST["editactivity"]) $doquery .=", editactivity='1'"; else $doquery .= ", editactivity='0'";
                    }
                    if ($_POST["password"]) {
                        // NOTE(review): unsalted md5() is not a password hash;
                        // password_hash()/password_verify() is the replacement,
                        // but the login check (not in this file) has to change
                        // with it.
                        if ($_POST["password"] === $_POST["passconfirm"]) $doquery .= ", password='" . md5($_POST["password"]) . "'";
                        else sysmsg("Password not changed for user.");
                    }
                    if ($_GET["action"] == "add") {
                        $doquery .= ", lastvisit='" . time() . "'";
                        $doquery .= ", signuptime='" . time() . "'";
                        // The stored username is lower-cased, but the SELECT
                        // above looked up the raw value; whether those agree
                        // depends on the column collation -- confirm.
                        $doquery = "INSERT INTO users SET username='" . strtolower(mysql_escape_string($_POST["username"])) . "', " . $doquery;
                    } elseif ($_GET["action"] == "edit") {
                        $doquery = "UPDATE users SET " . $doquery . " WHERE username='" . strtolower(mysql_escape_string($_POST["username"])) . "' LIMIT 1";
                    }
                    $result = mysql_query($doquery, $db);
                    if (mysql_errno() != 0) $errmsg = "MySQL Error " . mysql_errno() . ": " . mysql_error() . ".";
                    else {
                        if ($_GET["action"] == "add") {
                            // Every new account gets a companion profiles row.
                            mysql_query("INSERT INTO profiles SET username='" . strtolower(mysql_escape_string($_POST["username"])) . "'", $db);
                            sysmsg('User "' . safetext($_POST["dispname"]) . '" was added successfully.');
                        } elseif ($_GET["action"] == "edit") sysmsg('User "' . safetext($_POST["dispname"]) . '" was edited successfully.');
                        sendlocation("adminusers.php?action=edit");
                    }
                }
            } else {
                $errmsg = "You must include the username, display name, and e-mail address.";
            }
        } elseif ($_GET["userid"]) {
            // Open an existing account by username for editing.
            $userid = mysql_escape_string($_GET["userid"]);
            $result = mysql_query("SELECT * FROM users WHERE username='" . $userid . "'", $db);
            $moduser = mysql_fetch_array($result);
            // Non-owners may only open accounts ranked strictly below their
            // own, or their own account.
            // NOTE(review): sendlocation() presumably redirects and ends the
            // request; if it returns instead, $moduser is already set and the
            // refused account would still reach the form render below.
            if (($userinfo["usertype"] < 6) && (($moduser["usertype"] >= $userinfo["usertype"]) && ($moduser["username"] != $userinfo["username"]))) {
                sysmsg('You are not allowed to edit the user "' . safetext($moduser["username"]) . '".');
                sendlocation("adminusers.php?action=edit");
            } elseif (!isset($moduser["username"])) {
                sysmsg('The user "' . safetext($userid) . '" does not exist.');
                sendlocation("adminusers.php?action=edit");
            }
        } elseif ($_GET["usersearch"]) {
            // Pick the column to search: an address-looking value searches
            // email, anything else searches username.  The pattern only
            // chooses the column; it does not validate the input.
            if (preg_match("/([a-zA-Z0-9.\\-_]+)@([a-zA-Z0-9\\-]+).([a-zA-Z0-9]+)/",$_GET["usersearch"])) $searchmode = "email";
            else $searchmode = "username";
            $usersearch = mysql_escape_string($_GET["usersearch"]);
            // $searchmode is one of the two literals set just above, so its
            // use in the column position is not attacker-controlled.
            $result = mysql_query("SELECT * FROM users WHERE $searchmode='$usersearch'", $db);
            $moduser = mysql_fetch_array($result);
            $userid = $moduser["username"];
            // Same rank rule as the userid lookup above.
            if (($userinfo["usertype"] < 6) && (($moduser["usertype"] >= $userinfo["usertype"]) && ($moduser["username"] != $userinfo["username"]))) {
                sysmsg('You are not allowed to edit the user "' . safetext($moduser["username"]) . '".');
                sendlocation("adminusers.php?action=edit");
            } elseif (!isset($moduser["username"])) {
                sysmsg("No users matched the $searchmode \"" . safetext($usersearch) . '".');
                sendlocation("adminusers.php?action=edit");
            }
        }
        // Render the add/edit form (markup not in this listing) for a new
        // account or for a resolved existing one; any error goes first.
        if (($_GET["action"] == "add") || (($_GET["action"] == "edit") && isset($moduser))) {
            if ($errmsg) echo '
' . nl2br($errmsg) . "
\n"; ?>
">
/>


/>
/>
/>



User Flags
/> />
/> />
/> />
/> />
Special flags (requires Owner access to set)
/> />
/> />
User" />
\n"; if (isset($_GET["sort"]) && isset($_GET["order"])) echo "Sorting by " . safetext($_GET["sort"]) . " in " . safetext($_GET["order"]) . "ending order.
\n"; if (isset($filterdata)) echo "Filtering where " . safetext($_GET["filter"]) . " matches " . safetext($_GET["data"]) . ".
\n"; echo "Reset:\n"; if (isset($_GET["filter"])) echo 'Filter"; if (isset($_GET["sort"]) && isset($_GET["filter"])) echo ' - '; if (isset($_GET["sort"])) echo 'Sort Order"; if (isset($_GET["sort"]) && isset($_GET["filter"])) echo ' - Both"; echo "\n\n"; } echo "
Add a new Account
\n"; echo "
View: "; echo "All"; echo " - Applicants"; echo " - Disabled"; echo " - Hidden"; echo "
\n"; echo "
\n"; echo ''; echo ''; echo ''; echo "
\n"; echo "\n \n \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n \n \n \n \n"; /* Show the user data.  $result is assumed to be the filtered/sorted listing query issued above this chunk. */ while ($users = mysql_fetch_array($result)) { echo " \n \n"; echo " \n"; /* IP filtering links.  NOTE(review): explode(".") assumes lastip holds a dotted-quad IPv4 value; anything shorter (or an IPv6 address) leaves $lastip[1..3] unset and the links print empty octets -- confirm what the login code stores. */ if ($users["lastip"]) { $lastip = explode(".",safetext($users["lastip"])); echo ' \n"; } else echo ' '; echo ' \n"; echo ' \n"; echo ' \n"; echo ' \n \n"; /*echo ' \n";*/ } echo "
Display nameLast visitLast IPTypeHideProfileEdit
" . safetext($users["dispname"]) . ""; if ($users["lastvisit"] > 0) echo safetext(date("g:i A, Y-m-d",$users["lastvisit"])); else echo "Never"; echo "' . $lastip[0] . "."; echo '' . $lastip[1] . "."; echo '' . $lastip[2] . "."; echo '' . $lastip[3] . ""; echo "...' . safetext(type2str($users["usertype"])) . "'; if ($users["hide"]) echo "yes"; else echo "no"; echo "ProfileEdit
Delete
\n"; /* Page count generator.  NOTE(review): $filterdata is spliced into the count query verbatim; it is assembled above this chunk from $_GET["filter"] / $_GET["data"] (both are echoed at the top of the listing), so the column name must be whitelisted and the value escaped where it is built -- confirm.  $perpage and $pagenum also come from above this chunk. */ $result = mysql_query("SELECT count(*) FROM users " . $filterdata, $db); $totalusers = mysql_fetch_array($result); $totalusers = $totalusers["count(*)"]; $totalpages = ceil($totalusers / $perpage); if ($totalpages > 1) { echo "
Go to page: \n"; for ($curpage = 1; $curpage <= $totalpages; ++$curpage) { if ($curpage == $pagenum) echo $curpage; else echo '' . $curpage . "\n"; if ($curpage != $totalpages) echo " - "; } echo "\n
\n"; } } } /* Delete user.  NOTE(review): the delete is performed on a plain GET (dodelete + userid in the query string) with no request token checked in this file, so any link or prefetch the admin's browser follows can trigger it; a POST with a per-session token is the usual fix.  The authorization below also omits the usertype-rank comparison the edit lookups enforce, so a non-owner can remove a higher-ranked account as long as it is not flagged invulnerable.  The companion profiles row created on add is not removed here, and the success message passes the SQL-escaped $userid rather than safetext() like the sibling messages. */ elseif ($_GET["action"] == "delete") { if (($_GET["dodelete"]) && ($_GET["userid"])) { $userid = mysql_escape_string($_GET["userid"]); $checkdb = mysql_query("SELECT * FROM users WHERE username='" . $userid . "'", $db); $checkuser = mysql_fetch_array($checkdb); $editok = false; /* Is the user an Owner? */ if ($userinfo["usertype"] >= 6) $editok = true; /* Is the target invulnerable? */ elseif (!$checkuser["invulnerable"]) $editok = true; /* If neither works, the user can't delete the target */ else echo "You are not allowed to delete the user " . safetext($checkuser["dispname"]) . "."; if ($editok) { $deleteuser = mysql_query("DELETE FROM users WHERE username='" . $userid . "' LIMIT 1", $db); /* both operands of the test below read the same mysql_errno(); one check suffices */ $userok = mysql_errno(); if (($userok != 0) || (mysql_errno() != 0)) sysmsg("MySQL Error " . mysql_errno() . ": " . mysql_error() . "."); else sysmsg("User " . $userid . " was deleted successfully."); sendlocation("adminusers.php?action=edit"); } } elseif ($_GET["userid"]) { $userid = mysql_escape_string($_GET["userid"]); echo "
Do you really want to delete this user?
\n"; echo "Yes, delete this user.
\n"; echo "No, do not delete it.
\n"; /* Load the account for the confirmation summary that follows (its markup is not in this listing). */ $result = mysql_query("SELECT * FROM users WHERE username='" . $userid . "'", $db); $user = mysql_fetch_array($result); ?>
Display name:
User name:
User type:
E-mail:
Last visit:
Last IP:
Access denied: You do not have permission to edit users.\n"; /* else-branch of the $userinfo["editusers"] gate at the top of the file; the theme footer is still included so the denial renders inside the normal page. */ include("themefooter.php"); ?>