func=$function;
$this->modes=array('A'=>'Admin','E'=>'Editor','U'=>'User','D'=>'Disabled');
$mode=$_POST['usermode'];
if( (!$this->decodeMode($mode)) // unknown mode degrades to U
|| ( $mode == 'A' && $_SESSION['level'] != 'admin' )
// only admins can create admins
) {
$mode='U';
}
$this->mode=$mode;
$this->trusted=$_POST['trusted']=='TRUE'?'TRUE':'FALSE';
}
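function decodeMode($mode) {
	// Map a one-letter user mode ('A','E','U','D') to its display label.
	// Returns null for an unknown key instead of raising an undefined-index
	// notice; the constructor and printUI() only test the result for
	// truthiness, so null is equivalent to the previous undefined return.
	// The is_scalar() guard keeps a non-scalar value (e.g. usermode[]=A
	// posted as an array) from reaching the array lookup, where it would be
	// an illegal offset; such input is simply "unknown" and degrades to 'U'.
	if (is_scalar($mode) && isset($this->modes[$mode])) {
		return $this->modes[$mode];
	}
	return null;
}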
function printUI() {
// Render the "usermode" / "trusted" controls of the user-manager form.
// Non-admins editing a profile get read-only hidden fields; admins (and
// editors on "adduser") get an editable radio group plus a checkbox.
// NOTE(review): the HTML inside the echo strings below appears to have been
// stripped from this copy (e.g. the echo '':'"/>' ) and echo 'trusted) ...
// lines are not valid PHP as shown) -- treat those lines as garbled text,
// not as the real template.
$level=$_SESSION['level'];
if( $this->func == 'edituser' && ($level=='user' || $level=='editor')) {
// read-only (hidden) fields: "usermode" and "trusted"
$umDes=$this->decodeMode($this->mode);
// The "Unknown (...)" fallback looks unreachable: the constructor already
// degrades any mode decodeMode() rejects to 'U' before storing $this->mode.
echo "mode\">"
. ( $umDes?$umDes:"Unknown ($this->mode)" );
if ($this->trusted=="TRUE") {
echo"Trusted \n";
}
} else if( $level=='admin'
|| ($editorAdding=($this->func == 'adduser' && $level=='editor')) ) {
// editable fields: "usermode" (radio) and "trusted" (checkbox)
// $editorAdding is only assigned when $level!='admin' (the || short-circuits
// otherwise), so for an admin it is undefined here and evaluates falsy.
$modes=$this->modes;
// NOTE(review): array_shift() removes the *first* element, which is 'A' only
// because of the order the constructor builds $this->modes in;
// unset($modes['A']) would state the intent without depending on that order.
if($editorAdding) array_shift($modes); // only admins can create admins
foreach($modes as $umId=>$umDes) { // decode usermodes
echo '':'"/>' )
."$umDes\n";
}
echo 'trusted) echo ' checked="checked"';
echo ">Trusted\n";
}
}
}
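// Which sub-page was requested ("adduser", "edituser", ...); missing -> null.
$function = isset($_GET["function"]) ? $_GET["function"] : null;
//Access Level: only admins can edit somebody else's profile
if ($_SESSION["level"] !=="admin") {
//Kill access to add user.
$function="edituser";
// Pin a non-admin session to its own record. (Note: the change-password
// and generate-password branches further down re-read $_POST["userid"]
// and overwrite this value; they rely on the record-access check between
// here and there having rejected foreign userids.)
$userid=$_SESSION["uid"];
}
// Build the permissions helper only after $function has been clamped, so
// $perms->func agrees with the $function the rest of the page acts on.
// Previously it captured the raw $_GET value, so a non-admin requesting
// ?function=adduser reached PermissionsManager::printUI() as "adduser"
// (editable mode controls) even though the page had already been forced
// to "edituser".
$perms=new PermissionsManager($function);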
?>
Mozilla Update :: Developer Control Panel :: User ManagerMySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if (mysql_num_rows($sql_result) == 1) {
$allowed = true;
}
}
// Authorisation gate for editing another user's record. $allowed is only
// set (to true) by the lookup above when exactly one row matched; if it was
// never set it is null, which is falsy, so the gate fails closed.
if ($allowed) {
// Lookup succeeded: act on the requested record from here on.
$userid = $postuid;
} else {
echo"
Error Accessing Record
\n";
echo"You do not appear to have permission to edit this record. \n";
echo"«« Go Back\n";
// NOTE(review): include of a variable path -- assumes $page_footer is set
// from server-side configuration rather than from the request; confirm.
include"$page_footer";
echo"\n\n";
exit;
}
}
}
?>
Updating User List...
\n";
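// Derive the stored UserMode from the submitted flags ($admin/$editor/
// $disabled/$trusted/$selected are assumed to have been read from the form
// by code above this fragment -- not visible here). Only an admin session
// may grant 'A': this mirrors the check the add-user path on this page
// already makes and is defence in depth should this branch ever be
// reachable by an editor.
if ($admin=="TRUE" && $_SESSION["level"]=="admin") { $mode="A";
} else if ($editor=="TRUE") { $mode="E";
} else if ($disabled=="TRUE") {$mode="D";
} else { $mode="U"; }
// Normalise the trusted flag to the two literal values the column holds.
if ($trusted !=="TRUE") {$trusted="FALSE"; }
// $mode and $trusted are clamped to fixed literals above; $selected must
// have been escaped where it was read (presumably with escape_string(), as
// the sibling branches do) -- confirm, since it is interpolated unquoted.
if (checkFormKey()) {
$sql = "UPDATE `userprofiles` SET `UserMode`= '$mode', `UserTrusted`= '$trusted' WHERE `UserID`='$selected'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
}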
//Do Special Disable, Delete, Enable Account Operations
// The row's checkbox ("selected$i") plus the submit button choose the action.
// Every branch re-checks the form key before writing, then echoes a status
// line. $selecteduser goes through escape_string() (project helper) before
// it is interpolated into any query.
if ($_POST["selected$i"] AND $_POST["submit"] !=="Update") {
$selecteduser = escape_string($_POST["selected$i"]);
if ($_POST["submit"]=="Disable Selected") {
if (checkFormKey()) {
$sql = "UPDATE `userprofiles` SET `UserMode`= 'D' WHERE `UserID`='$selecteduser'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result) {
echo"User Account for User Number $selecteduser Disabled \n";
}
//Disabling an author, check their extension list and disable any item they're the solo author of.
// An item counts as solo-authored when authorxref holds at most one row for it.
$sql = "SELECT TM.ID, TM.Name from `main` TM INNER JOIN `authorxref` TAX ON TM.ID=TAX.ID WHERE TAX.UserID = '$selecteduser'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row = mysql_fetch_array($sql_result)) {
$id = $row["ID"];
$name = $row["Name"];
$sql2 = "SELECT `ID` from `authorxref` WHERE `ID` = '$id'";
$sql_result2 = mysql_query($sql2, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
// int <= "1": PHP compares numerically, so this is "at most one author".
if (mysql_num_rows($sql_result2)<="1") {
$sql3 = "UPDATE `version` SET `approved`='DISABLED' WHERE `ID`='$id' and `approved` !='NO' ";
$sql_result3 = mysql_query($sql3, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result3) {
// NOTE(review): $name comes from main.Name and is echoed without
// htmlspecialchars(); safe only if it is stored already encoded -- confirm.
echo"$name disabled from public viewing... \n";
}
}
}
}
} else if ($_POST["submit"]=="Delete Selected") {
if (checkFormKey()) {
// Hard delete of the profile row only; the author's items are left as they are.
$sql = "DELETE FROM `userprofiles` WHERE `UserID`='$selecteduser' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result) {
echo"User Account for User Number $selecteduser Deleted \n";
}
}
} else if ($_POST["submit"]=="Enable Selected") {
if (checkFormKey()) {
// Re-enabling always lands on plain 'U', whatever the mode was before disabling.
$sql = "UPDATE `userprofiles` SET `UserMode`= 'U' WHERE `UserID`='$selecteduser'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result) {
echo"User Account for User Number $selecteduser Enabled, User Mode set to User \n";
}
//Re-enabling an author: check their extension list and put any item they're the solo author of back to pending approval ('?').
$sql = "SELECT TM.ID, TM.Name from `main` TM INNER JOIN `authorxref` TAX ON TM.ID=TAX.ID WHERE TAX.UserID = '$selecteduser'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row = mysql_fetch_array($sql_result)) {
$id = $row["ID"];
$name = $row["Name"];
$sql2 = "SELECT `ID` from `authorxref` WHERE `ID` = '$id'";
$sql_result2 = mysql_query($sql2, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if (mysql_num_rows($sql_result2)<="1") {
// '?' is the literal "pending approval" state used by this schema.
$sql3 = "UPDATE `version` SET `approved`='?' WHERE `ID`='$id' and `approved` !='NO'";
$sql_result3 = mysql_query($sql3, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result3) {
echo"$name restored to public view pending approval... \n";
}
}
}
}
}
}
}
unset($i);
echo"Your changes to the User List have been succesfully completed \n";
}
?>
Adding User...\n";
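//Verify Users Password and md5 encode it for storage...
// Strict comparison: == would treat numeric-looking strings such as "1e3"
// and "1000" as equal. (If both fields are absent the comparison still
// succeeds and an md5("") password is stored -- the original behaves the
// same; rejecting empty passwords belongs with the form validation.)
if ($_POST['userpass']===$_POST['userpassconfirm']) {
// NOTE(review): unsalted md5 is not an acceptable password hash. The login
// and change-password paths compare against this same column, so moving to
// password_hash()/password_verify() has to be done across all of them at once.
$_POST['userpass']=md5($_POST['userpass']);
} else {
$errors="true";
echo"Your two passwords did not match, go back and try again... \n";
}
//Add User to MySQL Table
if ($errors !="true") {
// Set user level, but only allow admins to set the admin flag
// ($admin/$editor/$disabled/$trusted are assumed to be populated from the
// form by code above this fragment -- not visible here.)
if ($admin=="TRUE" && $_SESSION["level"]=="admin") { $mode="A";
} else if ($editor=="TRUE") { $mode="E";
} else if ($disabled=="TRUE") {$mode="D";
} else { $mode="U"; }
if ($trusted !=="TRUE") {$trusted="FALSE"; }
// Every user-supplied column goes through escape_string() (project helper)
// before interpolation. The username is additionally HTML-encoded at
// storage time, presumably so later pages can echo it as-is -- the success
// message below does exactly that.
$username = escape_string(htmlspecialchars($_POST["username"]));
$useremail = escape_string($_POST['useremail']);
$userwebsite = escape_string($_POST['userwebsite']);
$userpass = escape_string($_POST['userpass']);
$useremailhide = escape_string($_POST['useremailhide']);
if (checkFormKey()) {
$sql = "INSERT INTO `userprofiles` (`UserName`, `UserEmail`, `UserWebsite`, `UserPass`, `UserMode`, `UserTrusted`, `UserEmailHide`) VALUES ('$username', '$useremail', '$userwebsite', '$userpass', '$mode', '$trusted', '$useremailhide');";
// Unlike the other queries on this page no $connection is passed, so this
// runs on the most recently opened link.
$sql_result = mysql_query($sql) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result) {
include"mail_newaccount.php";
echo"The user $username has been added successfully... \n";
echo"An E-Mail has been sent to the e-mail address specified with the login info they need to log in to their new account. \n";
}
}
}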
}
?>
Add New User
Changing Password, please wait...\n";
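// Change-password branch: the caller must present the current password.
// NOTE(review): the target is taken from $_POST["userid"], overriding the
// $userid a non-admin session was pinned to near the top of the page; this
// is only safe if the record-access check above this fragment has already
// rejected foreign userids -- confirm. escape_string() (project helper)
// guards the interpolated value.
$userid = escape_string($_POST["userid"]);
$sql = "SELECT `UserPass`, `UserEmail` FROM `userprofiles` WHERE `UserID` = '$userid' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
$row = mysql_fetch_array($sql_result);
$userpass = $row["UserPass"];
$email = $row["UserEmail"];
$oldpass = md5($_POST['oldpass']);
// Strict comparison of the two hex digests. With == PHP compares
// digits-only strings of the form "0e..." numerically (they are all == 0),
// so an attacker who supplies an input whose md5 has that shape (e.g.
// "240610708") would be accepted against any stored "0e..." hash.
// hash_equals() would add constant-time behaviour but needs PHP >= 5.6.
if ($userpass===$oldpass) {
// Same strict comparison for the confirmation field.
if ($_POST['newpass']===$_POST['newpass2']) {
$newpassword = $_POST["newpass"];
$password_plain = $newpassword; // consumed by mail_newpassword.php
$userpass = md5($newpassword); // NOTE(review): unsalted md5, same format the login path checks
// Pre-set to false so the success message only prints after a
// form-key-checked write actually happened.
$sql_result = false;
if (checkFormKey()) {
$sql = "UPDATE `userprofiles` SET `UserPass`='$userpass' WHERE `UserID`='$userid'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
}
if ($sql_result) {
include"mail_newpassword.php";
echo"The password has been successfully changed, an e-mail has been sent confirming this action. \n";
}
} else {
echo"The two passwords did not match, please go back and try again. \n";
}
} else {
echo"Your Old password did not match the password on file, please try again. \n";
}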
} else if ($_POST["submit"]=="Generate New Password") {
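echo"
Generating New Password, please wait...
\n";
// Reset branch: there is no old-password check, so whoever reaches it can
// reset the posted userid. It relies on the record-access gate above this
// fragment having already rejected userids this session may not edit --
// confirm that gate covers this branch.
// Use the CSPRNG where the runtime has it (PHP >= 7). mt_rand() is not
// cryptographically secure and yields only ~31 bits, so a password derived
// from it is guessable. 7 random bytes hex-encoded give the same 14-char
// lowercase-hex shape as the legacy fallback, so mail templates are unaffected.
if (function_exists('random_bytes')) {
$newpassword = bin2hex(random_bytes(7));
} else {
$newpassword = substr(md5(mt_rand()),0,14);
}
$password_plain = $newpassword; // consumed by mail_newpassword.php (sent in clear by design)
$userpass = md5($newpassword); // NOTE(review): unsalted md5, same format the login path checks
$userid = escape_string($_POST["userid"]);
$sql = "SELECT `UserEmail` FROM `userprofiles` WHERE `UserID` = '$userid' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
$row = mysql_fetch_array($sql_result);
$email = $row["UserEmail"];
if (checkFormKey()) {
$sql = "UPDATE `userprofiles` SET `UserPass`='$userpass' WHERE `UserID`='$userid'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if ($sql_result) {
include"mail_newpassword.php";
echo"The password has been successfully reset. The user has been sent an e-mail notifying them of their new password. \n";
}
}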
}
// Resolve which record the form below is for: keep a userid already chosen
// earlier on the page (a non-admin session is pinned to $_SESSION["uid"]);
// otherwise fall back to the posted one, escaped for the query.
$userid = $userid ? $userid : escape_string($_POST["userid"]);
//Get Name of User for Form
$sql = "SELECT `UserName` FROM `userprofiles` WHERE `UserID` = '$userid' LIMIT 1";
$sql_result = mysql_query($sql, $connection)
or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
$row = mysql_fetch_array($sql_result);
// NOTE(review): presumably echoed into the form further down; only the
// add-user path on this page is seen to HTML-encode UserName at storage
// time -- confirm before rendering it without htmlspecialchars().
$username = $row["UserName"];
?>