pioder
/
uf
1
0
Fork 0
Code Releases 0 Activity
A lightweight forum engine written in PHP. Repository is now obsolete and read-only. http://www.pioder.pl/uforum.html
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
524 KiB
Tree: 968d0b7b53
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '968d0b7b53'
${ noResults }
uf/admin/admin_users.php

458 lines
15 KiB
Raw Normal View History

Added files - test git-svn-id: https://svn.pioder.pl/uf-svn/uF@11 72ec579a-5ced-4fa4-82f3-afba5d98df2f
15 years ago
 
  1. <?php
  2. /** 
  3. * @package	µForum 
  4. * @file		admin/admin_users.php
  5. * @version	1.0.x, 07-11-2008, 13:51 
  6. * @copyright	2008(c) PioDer <pioder@wp.pl>
  7. * @link 	http://pioder.gim2przemysl.int.pl/dsf.html
  8. * @license	GNU GPL v3
  9. **/
  10. define('IN_uF', true);
  11. //include files

  12. include('./../config.php');
  13. include('./../includes/constants.php');
  14. include('./../includes/class_db.php');
  15. include('./../includes/class_error.php');
  16. //connect to database

  17. DataBase::db_connect();
  18. include('./../includes/sessions.php');
  19. include('./../includes/class_user.php');
  20. include('./../common.php');
  21. include('./../includes/admin/class_main.php');
  22. include('./../includes/class_topic.php');
  23. include('./../includes/classes/secure.php');
  24. $default_lang = Admin_Over::DefaultLang();
  25. include('./../lngs/'.$default_lang.'/admin.php');
  26. sess_del_invalid($_SESSION['uid']);	
  27. sess_register($_SESSION['uid']);
  28. sess_delete_old();
  29. if (User::UserInformation($_SESSION['uid'],'rank')!=2)
  30. {
  31. 	admin_message_forum($lng['yournotadmin'],'../index.php');
  32. }
  33. 

  34. if (!isset($_GET['mode']))
  35. {
  36. 	header('Location: admin_users.php?mode=view');	
  37. }
  38. switch($_GET['mode'])
  39. {
  40. 	case 'delete':
  41. 	{
  42. 		$uid = intval($_GET['id']);
  43. 

  44. 		//delete from users table

  45. 		$sql = "DELETE FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
  46. 		DataBase::sql_query($sql,'GENERAL','Could not delete user.');
  47. 

  48. 		//delete from PM SentBox table

  49. 		$sql = "DELETE FROM ".PM_SENTBOX_TABLE." WHERE `u_n_id`='$uid'";
  50. 		DataBase::sql_query($sql,'GENERAL','Could not delete user sentbox messages.');
  51. 

  52. 		//update PM InBox table -> change u_n_id to Anonymous

  53. 		$sql = "UPDATE ".PM_INBOX_TABLE." SET `u_n_id`='-1' WHERE `u_n_id`='$uid'";
  54. 		DataBase::sql_query($sql,'GENERAL','Could not update user inbox messages.');
  55. 

  56. 		//update user posts -> change u_id to Anonymous

  57. 		$sql = "UPDATE ".POSTS_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
  58. 		DataBase::sql_query($sql,'GENERAL','Could edit post.');
  59. 

  60. 		//update shoutbox messages -> change u_id to Anonymous

  61. 		$sql = "UPDATE ".SHOUTBOX_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
  62. 		DataBase::sql_query($sql,'GENERAL','Could edit shoutbox messages.');
  63. 

  64. 		//update user topics -> change u_id to Anonymous

  65. 		$sql = "UPDATE ".TOPICS_TABLE." SET `author`='-1' WHERE `author`='$uid'";
  66. 		DataBase::sql_query($sql,'GENERAL','Could edit post.');
  67. 

  68. 		//back to admin users

  69. 		admin_message_forum($lng['user_deleted'],'admin_users.php');
  70. 		break;
  71.  	}	
  72. 	case 'edit':
  73. 	{
  74. 		$uid = intval($_GET['id']);
  75. 		$msg='';
  76. 		$errors = true;
  77. 		if (isset($_POST['email']))
  78. 		{
  79. 			if ( ereg ("^.+@.+\..+$", $_POST['email']))
  80. 			{
  81. 				//if user changing password... 

  82. 				if ($_POST['password']!='')
  83. 				{
  84. 					if (md5($_POST['password'])==User::UserInformation($_SESSION['uid'],'pass'))
  85. 					{
  86. 						if ($_POST['newpassword']==$_POST['confirmpassword'])
  87. 						{
  88. 							User::UpdatePassword($_SESSION['uid'], md5(strip_tags($_POST['newpassword'])));
  89. 							$errors = false;
  90. 						}
  91. 						else
  92. 						{
  93. 							$message=$lng['incorrect_password2'];
  94. 							$msg = './template/post_error_body.tpl';
  95. 						}
  96. 					}
  97. 					else
  98. 					{
  99. 						$message=$lng['incorrect_password'];
  100. 						$msg = './template/post_error_body.tpl';  
  101. 					}
  102. 				}
  103. 				else
  104. 				{
  105. 					if ($_POST['default_skin']!='-1')
  106. 					{
  107. 						if ($_POST['default_lang']!='-1')
  108. 						{
  109. 							if ($_POST['limit_tpid']!='-1')
  110. 							{
  111. 								if ($_POST['limit_ftid']!='-1')
  112. 								{
  113. 									if ($_POST['limit_users']!='-1')
  114. 									{
  115. 										if (strlen(trim($_POST['sig']))<$forum_config['sig_len'])
  116. 										{
  117. 											$errors = false;
  118. 										}
  119. 										else
  120. 										{
  121. 											$message = $lng['signature_too_long'];
  122. 											$msg = './template/post_error_body.tpl'; 
  123. 										} 
  124. 									}
  125. 									else
  126. 									{
  127. 										$message = $lng['no_limit_users'];
  128. 										$msg = './template/post_error_body.tpl'; 
  129. 									} 
  130. 								}
  131. 								else
  132. 								{
  133. 									$message = $lng['no_limit_ftid'];
  134. 									$msg = './template/post_error_body.tpl'; 
  135. 								} 
  136. 							}
  137. 							else
  138. 							{
  139. 								$message = $lng['no_limit_tpid'];
  140. 								$msg = './template/post_error_body.tpl'; 
  141. 							}  
  142. 						}
  143. 						else
  144. 						{
  145. 							$message=$lng['invalid_lang'];
  146. 							$msg = './template/post_error_body.tpl';  
  147. 						}
  148. 					}
  149. 					else
  150. 					{
  151. 						$message=$lng['invalid_skin'];
  152. 						$msg = './template/post_error_body.tpl'; 
  153. 					}
  154. 				}
  155. 				if (!$errors)
  156. 				{
  157. 					$_POST['ggnumber']=strip_tags($_POST['ggnumber']);
  158. 					$_POST['interests']=strip_tags($_POST['interests']);
  159. 					$_POST['sig']=Secure::TagsReplace($_POST['sig']);
  160. 					$allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0;
  161. 					if (isset($_FILES['avatar_file']['tmp_name']))
  162. 					{
  163. 						$extension = substr($_FILES['avatar_file']['name'],(strlen($_FILES['avatar_file']['name'])-3));
  164. 						if (($extension == 'jpg') or ($extension == 'gif'))
  165. 						{
  166. 							if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg'))
  167. 							{
  168. 								unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg');
  169. 							}
  170. 							if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif'))
  171. 							{
  172. 								unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif');
  173. 							}
  174. 							move_uploaded_file($_FILES['avatar_file']['tmp_name'], AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension);
  175. 							$_POST['avatar'] = AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension;
  176. 						}
  177. 						else
  178. 						{
  179. 							$_POST['avatar'] = strip_tags($_POST['avatar']);
  180. 						}
  181. 					}
  182. 					else
  183. 					{
  184. 						$_POST['avatar'] = strip_tags($_POST['avatar']);
  185. 					}
  186. 					User::UpdateAdminPools($uid,strip_tags($_POST['posts']),$_POST['user_rank'],$_POST['user_active'], strip_tags($_POST['nick']));	
  187. 					User::UpdateProfile($uid,$_POST['ggnumber'],$_POST['email'],$_POST['interests'], $_POST['sig'],$_POST['avatar'],$_POST['allow_qr'],$_POST['allow_email'],$_POST['allow_gg'],$_POST['default_skin'],$_POST['default_lang'], $_POST['limit_tpid'],$_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox);
  188. 					admin_message_forum($lng['profile_modernized'],'admin_users.php?mode=edit&id='.$uid);
  189. 				}
  190. 			}
  191. 			else
  192. 			{
  193. 				$message=$lng['invalid_email'];
  194. 				$msg = './template/post_error_body.tpl'; 
  195. 			}
  196. 		}
  197. 		$sql = "SELECT * FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
  198. 		$userinfo = @mysql_fetch_array(DataBase::sql_query($sql,'GENERAL','Could not obtain user information'));
  199. 		if ($userinfo['rank']=='')
  200. 		{
  201. 			admin_message_forum($lng['no_user'],'admin_users.php?mode=view');
  202. 		}
  203. 		//add skin variables

  204. 		$skin = array(
  205. 		//labels profile

  206. 		'L.admin_users'=>$lng['admin_users'],
  207. 		'lnick'=>$lng['user_name'],
  208. 		'lpass'=>$lng['lpassw'],
  209. 		'lnewpass'=>$lng['new_password'],
  210. 		'lcpass'=>$lng['confirm_password'],
  211. 		'lemail'=>'E-mail',
  212. 		'lgg'=>$lng['gg_number'],
  213. 		'lallow_gg'=>$lng['allow_gg'],
  214. 		'lallow_email'=>$lng['allow_email'],
  215. 		'lallow_qr'=>$lng['allow_qr'],
  216. 		'linterests'=>$lng['luinterests'],
  217. 		'lsig'=>$lng['sig'],
  218. 		'lavaddr'=>$lng['picture_adress'],
  219. 		'lovpr'=>$lng['general_settings'],
  220. 		'L.select_value'=>$lng['select_value'],
  221. 		'L.limit_users'=>$lng['limit_users'],
  222. 		'OPTIONS.limit_users'=>Admin_Over::AddPages2($userinfo['limit_users']),
  223. 		'L.posts_in_topic'=>$lng['limit_posts'],
  224. 		'OPTIONS.limit_tpid'=>Admin_Over::AddPages2($userinfo['limit_tpid']),
  225. 		'L.topics_in_forum'=>$lng['limit_topics'],
  226. 		'OPTIONS.limit_ftid'=>Admin_Over::AddPages2($userinfo['limit_ftid']),
  227. 		'lupr'=>$lng['profile_settings'],
  228. 		'lspr'=>$lng['signature_settings'],
  229. 		'ladmpr'=>$lng['admin_settings'],
  230. 		'luser_rank'=>$lng['user_rank'],
  231. 		'luser_actived'=>$lng['user_actived'],
  232. 		'lposts'=>$lng['posts'],
  233. 		'posts'=>$userinfo['posts'],
  234. 		'ldefault_lang'=>$lng['default_lang'],
  235. 		'default_lang'=>Admin_Over::AddLangs(),
  236. 		'l2default_lang'=>$lng['select_lang'],
  237. 		'ldefault_skin'=>$lng['default_skin2'],
  238. 		'default_skin'=>Admin_Over::AddSkins(),
  239. 		'l2default_skin'=>$lng['select_skin'],
  240. 		'lapr'=>$lng['avatar_settings'],
  241. 		'lsubmit'=>$lng['save'],
  242. 		'allow'=>$lng['allow'],
  243. 		'lreset'=>$lng['reset'],
  244. 		'nick'=>$userinfo['nick'],
  245. 		'user'=>$lng['user'],
  246. 		'lallow_shoutbox'=>$lng['allow_shoutbox'],
  247. 		'allow_shoutbox'=>($userinfo['view_shoutbox']==1) ? 'checked="checked"' : '',
  248. 		//options profile

  249. 		'sig'=>$userinfo['sig'],
  250. 		'avatar'=>$userinfo['avatar'],
  251. 		'interests'=>$userinfo['interests'],
  252. 		'email'=>$userinfo['email'],
  253. 		'gg'=>$userinfo['gg'],
  254. 		//options values

  255. 		'option_no_gg'=>($userinfo['allow_gg']==0) ? 'checked="checked"' : '',
  256. 		'option_no_email'=>($userinfo['allow_email']==0) ? 'checked="checked"' : '',
  257. 		'option_no_qr'=>($userinfo['allow_qr']==0) ? 'checked="checked"' : '',
  258. 		'option_yes_gg'=>($userinfo['allow_gg']==1) ? 'checked="checked"' : '',
  259. 		'option_yes_email'=>($userinfo['allow_email']==1) ? 'checked="checked"' : '',
  260. 		'option_yes_qr'=>($userinfo['allow_qr']==1) ? 'checked="checked"' : '',
  261. 		'option_no_ua'=>($userinfo['active']==0) ? 'checked="checked"' : '',
  262. 		'option_yes_ua'=>($userinfo['active']==1) ? 'checked="checked"' : '',
  263. 		//user rank

  264. 		'option_0_rank'=>($userinfo['rank']==0) ? 'checked="checked"' : '',
  265. 		'option_1_rank'=>($userinfo['rank']==1) ? 'checked="checked"' : '',
  266. 		'option_2_rank'=>($userinfo['rank']==2) ? 'checked="checked"' : '',
  267. 		'no'=>$lng['no'],
  268. 		'lavfile'=>$lng['avatar_file'],
  269. 		'yes'=>$lng['yes']
  270. 		);
  271. 		if ($msg=='')
  272. 		{
  273. 			$msg = './template/blank.tpl';
  274. 		}
  275. 		Admin_Over::GenerateHeader();
  276. 		include('./template/user_edit_body.tpl');
  277. 		include('./template/overall_footer.tpl');;
  278. 	 	break;
  279.  	}
  280. 	case 'view':
  281.  	{
  282. 		if (isset($_GET['page'])&&($_GET['page']!=1))
  283. 		{
  284. 			if (!is_numeric($_GET['page']))
  285. 			{
  286. 				die('Hacking attempt');
  287. 			}
  288. 			$value = ($_GET['page']-1)*30;
  289. 			$limit = 'LIMIT '.$value . ', 30';
  290. 			$page = $_GET['page'];
  291. 		}
  292. 		else
  293. 		{
  294. 		  $limit = 'LIMIT 0, 30';
  295. 		  $page=1;
  296. 		}
  297. 		$count = @mysql_fetch_array(DataBase::sql_query("SELECT COUNT(`u_id`) as `u_id` 

  298. 		FROM ".USERS_TABLE,'GENERAL','Could not obtain count amout of users'));

  299. 		$count = $count['u_id'];
  300. 		$count = ceil($count /30);
  301. 		if(isset($_GET['page']) && ($_GET['page']>$count))
  302. 		{
  303. 			message_forum($lng['invalidpage'],'admin_users.php');
  304. 		}
  305. 		if (isset($_COOKIE['users_desc'], $_POST['desc']))
  306. 		{
  307. 			unset($_COOKIE['users_desc']);
  308. 		}
  309. 		if (isset($_POST['sort'],$_COOKIE['users_sort']))
  310. 		{
  311. 			unset($_COOKIE['users_sort']);
  312. 		}
  313. 		if (!isset($_COOKIE['users_desc']))
  314. 		{
  315. 			if (isset($_POST['desc']))
  316. 			{
  317.    				switch($_POST['desc'])
  318.    				{
  319.        					case 'yes':
  320.        					{
  321. 	        		   		@setcookie('users_desc','desc',time()+3600);
  322. 						$_COOKIE['users_desc'] = 'desc';
  323. 						$desc = 'DESC';	
  324. 						break;
  325. 					}
  326. 					case 'no':
  327. 					{
  328. 			    			@setcookie('users_desc','no',time()+3600);
  329. 						$_COOKIE['users_desc'] = 'no';
  330. 						$desc = '';
  331. 						break;
  332. 					}
  333. 				}
  334. 			}
  335. 			else
  336. 			{
  337. 		   		@setcookie('users_desc','no',time()+3600);
  338. 				$_COOKIE['users_desc'] = 'no';
  339. 				$desc = '';
  340. 			}
  341. 		}
  342. 		else
  343. 		{
  344. 		  	$desc = ($_COOKIE['users_desc']=='desc') ? 'DESC' : '';
  345. 		}
  346. 		if (!isset($_COOKIE['users_sort']))
  347. 		{
  348. 			if (isset($_POST['sort']))
  349. 			{
  350.    				switch($_POST['sort'])
  351.    				{
  352.        					case 'regdate':
  353. 					{
  354. 						@setcookie('users_sort','regdate',time()+3600);
  355. 						$_COOKIE['users_sort'] = 'regdate';
  356. 						break;	
  357. 					}
  358. 					case 'lastvisit':
  359. 					{
  360. 						@setcookie('users_sort','lastvisit',time()+3600);
  361. 						$_COOKIE['users_sort'] = 'lastvisit';
  362. 						break;	
  363. 					}
  364. 					case 'uname':
  365. 					{
  366. 						@setcookie('users_sort','uname',time()+3600);
  367. 						$_COOKIE['users_sort'] = 'uname';
  368. 						break;	
  369. 					}
  370. 					case 'posts':
  371. 					{
  372. 						@setcookie('users_sort','posts',time()+3600);
  373. 						$_COOKIE['users_sort'] = 'posts';
  374. 						break;	
  375. 					}	
  376. 				}
  377. 			}
  378. 			else
  379. 			{
  380. 				@setcookie('users_sort','regdate',time()+3600);
  381. 				$_COOKIE['users_sort'] = 'regdate';
  382. 			}
  383. 		}
  384. 		//add skin variables

  385. 		$skin = array(
  386. 		'ldesc' => $lng['desc'],
  387. 		'lselectusers'=>$lng['sort_u_by'],
  388. 		'ltitle'=>$lng['admin_users'],
  389. 		'lregdate'=>$lng['luregister'],
  390. 		'llastvisit'=>$lng['lulastvisit'],
  391. 		'lposts'=>$lng['posts'],
  392. 		'luname'=>$lng['user_name'],
  393. 		'lgo'=>$lng['lgo'],
  394. 		'desc_yes_option'=>(($_COOKIE['users_desc']=='desc') || ((isset ($_POST['desc'])) && ($_POST['desc']=='yes'))) ? 'selected="selected"' : '',
  395. 		'desc_no_option'=>(($_COOKIE['users_desc']=='no') || ((isset ($_POST['desc'])) && ($_POST['desc']=='no'))) ? 'selected="selected"' : '',
  396. 		'regdate_option'=>(($_COOKIE['users_sort']=='regdate') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
  397. 		'lastvisit_option'=>(($_COOKIE['users_sort']=='lastvisit') || ((isset ($_POST['sort'])) && ($_POST['sort']=='lastvisit'))) ? 'selected="selected"' : '',
  398. 		'posts_option'=>(($_COOKIE['users_sort']=='posts') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
  399. 		'uname_option'=>(($_COOKIE['users_sort']=='uname') || ((isset ($_POST['sort'])) && ($_POST['sort']=='uname'))) ? 'selected="selected"' : '',
  400. 		'lyes'=>$lng['yes'],
  401. 		'lno'=>$lng['no']
  402. 		);
  403. 		//do it!

  404. 		Admin_Over::GenerateHeader();
  405. 		include('./template/users_beam_body.tpl');
  406. 		switch($_COOKIE['users_sort'])
  407. 		{
  408. 		case 'regdate':
  409. 		{
  410. 			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `regdate` $desc $limit;";
  411. 			break;	
  412. 		}
  413. 		case 'lastvisit':
  414. 		{
  415. 			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `lastvisit` $desc $limit;";
  416. 			break;	
  417. 		}
  418. 		case 'uname':
  419. 		{
  420. 			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `nick` $desc $limit;";
  421. 			break;	
  422. 		}
  423. 		case 'posts':
  424. 		{
  425. 			$sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `posts` $desc $limit;";
  426. 			break;	
  427. 		}
  428. 		}
  429. 		$query = DataBase::sql_query($sql,'CRITICAL','Could not obtain user information.');
  430. 		while($result = mysql_fetch_array($query))
  431. 		{
  432. 			$skin = array(
  433. 			'id'=>$result['u_id'],
  434. 			'uname'=>Topic::UserName($result['nick'], $result['rank']),
  435. 			'regdate'=>date('d-m-Y, G:i',$result['regdate']),
  436. 			'lastvisit'=>($result['lastvisit']!='0') ? date('d-m-Y, G:i',$result['lastvisit']) : $lng['never'],
  437. 			'posts'=>$result['posts'],
  438. 			'c_del_user'=>$lng['c_delete_user']
  439. 			);
  440. 			include('./template/user_item_add_body.tpl');
  441. 		}
  442. 		$skin = array(
  443. 		'option_pages'=>Admin_Over::AddPages(),
  444. 		'lwith'=>$lng['with'],
  445. 		'lpage'=>$lng['page'],
  446. 		'lpages'=>$count
  447. 		);
  448. 		include('./template/users_end_body.tpl');
  449. 		include('./template/overall_footer.tpl');
  450.     		break;
  451.   	}
  452.  	default:
  453.  	{
  454. 		header('Location: admin_users.php?mode=view');	
  455. 		break;
  456. 	}
  457. }
  458. ?>