- <?php
- /**
- * @package uForum
- * @file admin/admin_users.php
- * @version $Id$
- * @copyright 2009(c) PioDer <pioder@wp.pl>
- * @link http://pioder.gim2przemysl.int.pl/
- * @license GNU GPL v3
- **/
- define('IN_uF', true);
- //include files
- include('./../config.php');
- include('./../includes/constants.php');
- include('./../includes/db.php');
- include('./../includes/errors.php');
- //connect to database
- DataBase::db_connect();
- include('./../includes/sessions.php');
- include('./../includes/classes/class_user.php');
- include('./../common.php');
- include('./../includes/admin/class_main.php');
- include('./../includes/misc_functions.php');
- include('./../includes/classes/class_topic.php');
- include('./../includes/classes/class_posting.php');
- include('./../includes/classes/secure.php');
- $default_lang = Admin_Over::DefaultLang();
- include('./../lngs/'.$default_lang.'/admin.php');
- SessDelInvalid();
- SessRegister();
- SessDeleteOld();
- if (User::UserInformation($_SESSION['uid'],'rank')!=2)
- {
- admin_message_forum($lng['yournotadmin'],'../index.php');
- }
-
- if (!isset($_GET['mode']))
- {
- header('Location: admin_users.php?mode=view');
- }
- switch($_GET['mode'])
- {
- case 'delete':
- {
- $uid = intval($_GET['id']);
-
- //delete from users table
- $sql = "DELETE FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could not delete user.');
-
- //delete from PM SentBox table
- $sql = "DELETE FROM ".PM_SENTBOX_TABLE." WHERE `u_n_id`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could not delete user sentbox messages.');
-
- //update PM InBox table -> change u_n_id to Anonymous
- $sql = "UPDATE ".PM_INBOX_TABLE." SET `u_n_id`='-1' WHERE `u_n_id`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could not update user inbox messages.');
-
- //update user posts -> change u_id to Anonymous
- $sql = "UPDATE ".POSTS_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could edit post.');
-
- //update shoutbox messages -> change u_id to Anonymous
- $sql = "UPDATE ".SHOUTBOX_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could edit shoutbox messages.');
-
- //update user topics -> change u_id to Anonymous
- $sql = "UPDATE ".TOPICS_TABLE." SET `author`='-1' WHERE `author`='$uid'";
- DataBase::sql_query($sql,GENERAL,'Could edit post.');
-
- //back to admin users
- admin_message_forum($lng['user_deleted'],'admin_users.php');
- break;
- }
- case 'edit':
- {
- $uid = intval($_GET['id']);
- $msg='';
- $errors = true;
- if (isset($_POST['email']))
- {
- if ( ereg ("^.+@.+\..+$", $_POST['email']))
- {
- //if user changing password...
- if ($_POST['password']!='')
- {
- if (md5($_POST['password'])==User::UserInformation($_SESSION['uid'],'pass'))
- {
- if ($_POST['newpassword']==$_POST['confirmpassword'])
- {
- User::UpdatePassword($_SESSION['uid'], md5(strip_tags($_POST['newpassword'])));
- $errors = false;
- }
- else
- {
- $message=$lng['incorrect_password2'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message=$lng['incorrect_password'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- if ($_POST['default_skin']!='-1')
- {
- if ($_POST['default_lang']!='-1')
- {
- if ($_POST['limit_tpid']!='-1')
- {
- if ($_POST['limit_ftid']!='-1')
- {
- if ($_POST['limit_users']!='-1')
- {
- if (strlen(trim($_POST['sig']))<$forum_config['sig_len'])
- {
- $errors = false;
- }
- else
- {
- $message = $lng['signature_too_long'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message = $lng['no_limit_users'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message = $lng['no_limit_ftid'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message = $lng['no_limit_tpid'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message=$lng['invalid_lang'];
- $msg = './template/post_error_body.tpl';
- }
- }
- else
- {
- $message=$lng['invalid_skin'];
- $msg = './template/post_error_body.tpl';
- }
- }
- if (!$errors)
- {
- $_POST['ggnumber']=strip_tags($_POST['ggnumber']);
- $_POST['interests']=strip_tags($_POST['interests']);
- $_POST['sig']=Secure::TagsReplace($_POST['sig']);
- $allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0;
- if (isset($_FILES['avatar_file']['tmp_name']))
- {
- $extension = substr($_FILES['avatar_file']['name'],(strlen($_FILES['avatar_file']['name'])-3));
- if (($extension == 'jpg') or ($extension == 'gif'))
- {
- if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg'))
- {
- unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg');
- }
- if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif'))
- {
- unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif');
- }
- move_uploaded_file($_FILES['avatar_file']['tmp_name'], AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension);
- $_POST['avatar'] = AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension;
- }
- else
- {
- $_POST['avatar'] = strip_tags($_POST['avatar']);
- }
- }
- else
- {
- $_POST['avatar'] = strip_tags($_POST['avatar']);
- }
- User::UpdateAdminPools($uid,strip_tags($_POST['posts']),$_POST['user_rank'],$_POST['user_active'], strip_tags($_POST['nick']));
- User::UpdateProfile($uid,$_POST['ggnumber'],$_POST['email'],$_POST['interests'], $_POST['sig'],$_POST['avatar'],$_POST['allow_qr'],$_POST['allow_email'],$_POST['allow_gg'],$_POST['default_skin'],$_POST['default_lang'], $_POST['limit_tpid'],$_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox);
- admin_message_forum($lng['profile_modernized'],'admin_users.php?mode=edit&id='.$uid);
- }
- }
- else
- {
- $message=$lng['invalid_email'];
- $msg = './template/post_error_body.tpl';
- }
- }
- $sql = "SELECT * FROM ".USERS_TABLE." WHERE `u_id`='$uid'";
- $userinfo = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information'));
- if ($userinfo['rank']=='')
- {
- admin_message_forum($lng['no_user'],'admin_users.php?mode=view');
- }
- //add skin variables
- $skin = array(
- //labels profile
- 'L.admin_users'=>$lng['admin_users'],
- 'lnick'=>$lng['user_name'],
- 'lpass'=>$lng['lpassw'],
- 'lnewpass'=>$lng['new_password'],
- 'lcpass'=>$lng['confirm_password'],
- 'lemail'=>'E-mail',
- 'lgg'=>$lng['gg_number'],
- 'lallow_gg'=>$lng['allow_gg'],
- 'lallow_email'=>$lng['allow_email'],
- 'lallow_qr'=>$lng['allow_qr'],
- 'linterests'=>$lng['luinterests'],
- 'lsig'=>$lng['sig'],
- 'lavaddr'=>$lng['picture_adress'],
- 'lovpr'=>$lng['general_settings'],
- 'L.select_value'=>$lng['select_value'],
- 'L.limit_users'=>$lng['limit_users'],
- 'OPTIONS.limit_users'=>ListPages($userinfo['limit_users']),
- 'L.posts_in_topic'=>$lng['limit_posts'],
- 'OPTIONS.limit_tpid'=>ListPages($userinfo['limit_tpid']),
- 'L.topics_in_forum'=>$lng['limit_topics'],
- 'OPTIONS.limit_ftid'=>ListPages($userinfo['limit_ftid']),
- 'lupr'=>$lng['profile_settings'],
- 'lspr'=>$lng['signature_settings'],
- 'ladmpr'=>$lng['admin_settings'],
- 'luser_rank'=>$lng['user_rank'],
- 'luser_actived'=>$lng['user_actived'],
- 'lposts'=>$lng['posts'],
- 'posts'=>$userinfo['posts'],
- 'ldefault_lang'=>$lng['default_lang'],
- 'default_lang'=>ListDir('../lngs', $userinfo['lang']),
- 'l2default_lang'=>$lng['select_lang'],
- 'ldefault_skin'=>$lng['default_skin2'],
- 'default_skin'=>ListDir('../skins', $userinfo['skin']),
- 'l2default_skin'=>$lng['select_skin'],
- 'lapr'=>$lng['avatar_settings'],
- 'lsubmit'=>$lng['save'],
- 'allow'=>$lng['allow'],
- 'lreset'=>$lng['reset'],
- 'nick'=>$userinfo['nick'],
- 'user'=>$lng['user'],
- 'lallow_shoutbox'=>$lng['allow_shoutbox'],
- 'allow_shoutbox'=>($userinfo['view_shoutbox']==1) ? 'checked="checked"' : '',
- //options profile
- 'sig'=>$userinfo['sig'],
- 'avatar'=>$userinfo['avatar'],
- 'interests'=>$userinfo['interests'],
- 'email'=>$userinfo['email'],
- 'gg'=>$userinfo['gg'],
- //options values
- 'option_no_gg'=>($userinfo['allow_gg']==0) ? 'checked="checked"' : '',
- 'option_no_email'=>($userinfo['allow_email']==0) ? 'checked="checked"' : '',
- 'option_no_qr'=>($userinfo['allow_qr']==0) ? 'checked="checked"' : '',
- 'option_yes_gg'=>($userinfo['allow_gg']==1) ? 'checked="checked"' : '',
- 'option_yes_email'=>($userinfo['allow_email']==1) ? 'checked="checked"' : '',
- 'option_yes_qr'=>($userinfo['allow_qr']==1) ? 'checked="checked"' : '',
- 'option_no_ua'=>($userinfo['active']==0) ? 'checked="checked"' : '',
- 'option_yes_ua'=>($userinfo['active']==1) ? 'checked="checked"' : '',
- //user rank
- 'option_0_rank'=>($userinfo['rank']==0) ? 'checked="checked"' : '',
- 'option_1_rank'=>($userinfo['rank']==1) ? 'checked="checked"' : '',
- 'option_2_rank'=>($userinfo['rank']==2) ? 'checked="checked"' : '',
- 'no'=>$lng['no'],
- 'lavfile'=>$lng['avatar_file'],
- 'yes'=>$lng['yes']
- );
- if ($msg=='')
- {
- $msg = './template/blank.tpl';
- }
- Admin_Over::GenerateHeader();
- include('./template/user_edit_body.tpl');
- include('./template/overall_footer.tpl');;
- break;
- }
- case 'view':
- {
- if (isset($_GET['page'])&&($_GET['page']!=1))
- {
- if (!is_numeric($_GET['page']))
- {
- die('Hacking attempt');
- }
- $value = ($_GET['page']-1)*30;
- $limit = 'LIMIT '.$value . ', 30';
- $page = $_GET['page'];
- }
- else
- {
- $limit = 'LIMIT 0, 30';
- $page=1;
- }
- $count = DataBase::fetch(DataBase::sql_query("SELECT COUNT(`u_id`) as `u_id`
- FROM ".USERS_TABLE,GENERAL,'Could not obtain count amout of users'));
- $count = $count['u_id'];
- $count = ceil($count /30);
- if(isset($_GET['page']) && ($_GET['page']>$count))
- {
- message_forum($lng['invalidpage'],'admin_users.php');
- }
- if (isset($_COOKIE['users_desc'], $_POST['desc']))
- {
- unset($_COOKIE['users_desc']);
- }
- if (isset($_POST['sort'],$_COOKIE['users_sort']))
- {
- unset($_COOKIE['users_sort']);
- }
- if (!isset($_COOKIE['users_desc']))
- {
- if (isset($_POST['desc']))
- {
- switch($_POST['desc'])
- {
- case 'yes':
- {
- @setcookie('users_desc','desc',time()+3600);
- $_COOKIE['users_desc'] = 'desc';
- $desc = 'DESC';
- break;
- }
- case 'no':
- {
- @setcookie('users_desc','no',time()+3600);
- $_COOKIE['users_desc'] = 'no';
- $desc = '';
- break;
- }
- }
- }
- else
- {
- @setcookie('users_desc','no',time()+3600);
- $_COOKIE['users_desc'] = 'no';
- $desc = '';
- }
- }
- else
- {
- $desc = ($_COOKIE['users_desc']=='desc') ? 'DESC' : '';
- }
- if (!isset($_COOKIE['users_sort']))
- {
- if (isset($_POST['sort']))
- {
- switch($_POST['sort'])
- {
- case 'regdate':
- {
- @setcookie('users_sort','regdate',time()+3600);
- $_COOKIE['users_sort'] = 'regdate';
- break;
- }
- case 'lastvisit':
- {
- @setcookie('users_sort','lastvisit',time()+3600);
- $_COOKIE['users_sort'] = 'lastvisit';
- break;
- }
- case 'uname':
- {
- @setcookie('users_sort','uname',time()+3600);
- $_COOKIE['users_sort'] = 'uname';
- break;
- }
- case 'posts':
- {
- @setcookie('users_sort','posts',time()+3600);
- $_COOKIE['users_sort'] = 'posts';
- break;
- }
- }
- }
- else
- {
- @setcookie('users_sort','regdate',time()+3600);
- $_COOKIE['users_sort'] = 'regdate';
- }
- }
- //add skin variables
- $skin = array(
- 'ldesc' => $lng['desc'],
- 'lselectusers'=>$lng['sort_u_by'],
- 'ltitle'=>$lng['admin_users'],
- 'lregdate'=>$lng['luregister'],
- 'llastvisit'=>$lng['lulastvisit'],
- 'lposts'=>$lng['posts'],
- 'luname'=>$lng['user_name'],
- 'lgo'=>$lng['lgo'],
- 'desc_yes_option'=>(($_COOKIE['users_desc']=='desc') || ((isset ($_POST['desc'])) && ($_POST['desc']=='yes'))) ? 'selected="selected"' : '',
- 'desc_no_option'=>(($_COOKIE['users_desc']=='no') || ((isset ($_POST['desc'])) && ($_POST['desc']=='no'))) ? 'selected="selected"' : '',
- 'regdate_option'=>(($_COOKIE['users_sort']=='regdate') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
- 'lastvisit_option'=>(($_COOKIE['users_sort']=='lastvisit') || ((isset ($_POST['sort'])) && ($_POST['sort']=='lastvisit'))) ? 'selected="selected"' : '',
- 'posts_option'=>(($_COOKIE['users_sort']=='posts') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '',
- 'uname_option'=>(($_COOKIE['users_sort']=='uname') || ((isset ($_POST['sort'])) && ($_POST['sort']=='uname'))) ? 'selected="selected"' : '',
- 'lyes'=>$lng['yes'],
- 'lno'=>$lng['no']
- );
- //do it!
- Admin_Over::GenerateHeader();
- include('./template/users_beam_body.tpl');
- switch($_COOKIE['users_sort'])
- {
- case 'regdate':
- {
- $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `regdate` $desc $limit;";
- break;
- }
- case 'lastvisit':
- {
- $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `lastvisit` $desc $limit;";
- break;
- }
- case 'uname':
- {
- $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `nick` $desc $limit;";
- break;
- }
- case 'posts':
- {
- $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `posts` $desc $limit;";
- break;
- }
- }
- $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain user information.');
- while($result = DataBase::fetch($query))
- {
- $skin = array(
- 'id'=>$result['u_id'],
- 'uname'=>Topic::UserName($result['nick'], $result['rank']),
- 'regdate'=>date('d-m-Y, G:i',$result['regdate']),
- 'lastvisit'=>($result['lastvisit']!='0') ? date('d-m-Y, G:i',$result['lastvisit']) : $lng['never'],
- 'posts'=>$result['posts'],
- 'c_del_user'=>$lng['c_delete_user']
- );
- include('./template/user_item_add_body.tpl');
- }
- $skin = array(
- 'option_pages'=>ListPages($page, $count),
- 'lwith'=>$lng['with'],
- 'lpage'=>$lng['page'],
- 'lpages'=>$count
- );
- include('./template/users_end_body.tpl');
- include('./template/overall_footer.tpl');
- break;
- }
- default:
- {
- header('Location: admin_users.php?mode=view');
- break;
- }
- }
- ?>
|