* @link http://pioder.gim2przemysl.int.pl/ * @license GNU GPL v3 **/ define('IN_uF', true); //include files include('./../config.php'); include('./../includes/constants.php'); include('./../includes/db.php'); include('./../includes/errors.php'); //connect to database DataBase::db_connect(); include('./../includes/sessions.php'); include('./../includes/classes/class_user.php'); include('./../common.php'); include('./../includes/admin/class_main.php'); include('./../includes/classes/class_topic.php'); include('./../includes/classes/class_posting.php'); include('./../includes/classes/secure.php'); $default_lang = Admin_Over::DefaultLang(); include('./../lngs/'.$default_lang.'/admin.php'); SessDelInvalid(); SessRegister(); SessDeleteOld(); if (User::UserInformation($_SESSION['uid'],'rank')!=2) { admin_message_forum($lng['yournotadmin'],'../index.php'); } if (!isset($_GET['mode'])) { header('Location: admin_users.php?mode=view'); } switch($_GET['mode']) { case 'delete': { $uid = intval($_GET['id']); //delete from users table $sql = "DELETE FROM ".USERS_TABLE." WHERE `u_id`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could not delete user.'); //delete from PM SentBox table $sql = "DELETE FROM ".PM_SENTBOX_TABLE." WHERE `u_n_id`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could not delete user sentbox messages.'); //update PM InBox table -> change u_n_id to Anonymous $sql = "UPDATE ".PM_INBOX_TABLE." SET `u_n_id`='-1' WHERE `u_n_id`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could not update user inbox messages.'); //update user posts -> change u_id to Anonymous $sql = "UPDATE ".POSTS_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could edit post.'); //update shoutbox messages -> change u_id to Anonymous $sql = "UPDATE ".SHOUTBOX_TABLE." SET `u_id`='-1' WHERE `u_id`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could edit shoutbox messages.'); //update user topics -> change u_id to Anonymous $sql = "UPDATE ".TOPICS_TABLE." SET `author`='-1' WHERE `author`='$uid'"; DataBase::sql_query($sql,GENERAL,'Could edit post.'); //back to admin users admin_message_forum($lng['user_deleted'],'admin_users.php'); break; } case 'edit': { $uid = intval($_GET['id']); $msg=''; $errors = true; if (isset($_POST['email'])) { if ( ereg ("^.+@.+\..+$", $_POST['email'])) { //if user changing password... if ($_POST['password']!='') { if (md5($_POST['password'])==User::UserInformation($_SESSION['uid'],'pass')) { if ($_POST['newpassword']==$_POST['confirmpassword']) { User::UpdatePassword($_SESSION['uid'], md5(strip_tags($_POST['newpassword']))); $errors = false; } else { $message=$lng['incorrect_password2']; $msg = './template/post_error_body.tpl'; } } else { $message=$lng['incorrect_password']; $msg = './template/post_error_body.tpl'; } } else { if ($_POST['default_skin']!='-1') { if ($_POST['default_lang']!='-1') { if ($_POST['limit_tpid']!='-1') { if ($_POST['limit_ftid']!='-1') { if ($_POST['limit_users']!='-1') { if (strlen(trim($_POST['sig']))<$forum_config['sig_len']) { $errors = false; } else { $message = $lng['signature_too_long']; $msg = './template/post_error_body.tpl'; } } else { $message = $lng['no_limit_users']; $msg = './template/post_error_body.tpl'; } } else { $message = $lng['no_limit_ftid']; $msg = './template/post_error_body.tpl'; } } else { $message = $lng['no_limit_tpid']; $msg = './template/post_error_body.tpl'; } } else { $message=$lng['invalid_lang']; $msg = './template/post_error_body.tpl'; } } else { $message=$lng['invalid_skin']; $msg = './template/post_error_body.tpl'; } } if (!$errors) { $_POST['ggnumber']=strip_tags($_POST['ggnumber']); $_POST['interests']=strip_tags($_POST['interests']); $_POST['sig']=Secure::TagsReplace($_POST['sig']); $allow_shoutbox = (isset($_POST['allow_shoutbox'])) ? '1' : 0; if (isset($_FILES['avatar_file']['tmp_name'])) { $extension = substr($_FILES['avatar_file']['name'],(strlen($_FILES['avatar_file']['name'])-3)); if (($extension == 'jpg') or ($extension == 'gif')) { if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg')) { unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.jpg'); } if (file_exists(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif')) { unlink(AV_CATALOG.'av-'.$_SESSION['uid'].'.gif'); } move_uploaded_file($_FILES['avatar_file']['tmp_name'], AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension); $_POST['avatar'] = AV_CATALOG.'av-'.$_SESSION['uid'].'.'.$extension; } else { $_POST['avatar'] = strip_tags($_POST['avatar']); } } else { $_POST['avatar'] = strip_tags($_POST['avatar']); } User::UpdateAdminPools($uid,strip_tags($_POST['posts']),$_POST['user_rank'],$_POST['user_active'], strip_tags($_POST['nick'])); User::UpdateProfile($uid,$_POST['ggnumber'],$_POST['email'],$_POST['interests'], $_POST['sig'],$_POST['avatar'],$_POST['allow_qr'],$_POST['allow_email'],$_POST['allow_gg'],$_POST['default_skin'],$_POST['default_lang'], $_POST['limit_tpid'],$_POST['limit_ftid'], $_POST['limit_users'], $allow_shoutbox); admin_message_forum($lng['profile_modernized'],'admin_users.php?mode=edit&id='.$uid); } } else { $message=$lng['invalid_email']; $msg = './template/post_error_body.tpl'; } } $sql = "SELECT * FROM ".USERS_TABLE." WHERE `u_id`='$uid'"; $userinfo = DataBase::fetch(DataBase::sql_query($sql,GENERAL,'Could not obtain user information')); if ($userinfo['rank']=='') { admin_message_forum($lng['no_user'],'admin_users.php?mode=view'); } //add skin variables $skin = array( //labels profile 'L.admin_users'=>$lng['admin_users'], 'lnick'=>$lng['user_name'], 'lpass'=>$lng['lpassw'], 'lnewpass'=>$lng['new_password'], 'lcpass'=>$lng['confirm_password'], 'lemail'=>'E-mail', 'lgg'=>$lng['gg_number'], 'lallow_gg'=>$lng['allow_gg'], 'lallow_email'=>$lng['allow_email'], 'lallow_qr'=>$lng['allow_qr'], 'linterests'=>$lng['luinterests'], 'lsig'=>$lng['sig'], 'lavaddr'=>$lng['picture_adress'], 'lovpr'=>$lng['general_settings'], 'L.select_value'=>$lng['select_value'], 'L.limit_users'=>$lng['limit_users'], 'OPTIONS.limit_users'=>Admin_Over::ListPages($userinfo['limit_users']), 'L.posts_in_topic'=>$lng['limit_posts'], 'OPTIONS.limit_tpid'=>Admin_Over::ListPages($userinfo['limit_tpid']), 'L.topics_in_forum'=>$lng['limit_topics'], 'OPTIONS.limit_ftid'=>Admin_Over::ListPages($userinfo['limit_ftid']), 'lupr'=>$lng['profile_settings'], 'lspr'=>$lng['signature_settings'], 'ladmpr'=>$lng['admin_settings'], 'luser_rank'=>$lng['user_rank'], 'luser_actived'=>$lng['user_actived'], 'lposts'=>$lng['posts'], 'posts'=>$userinfo['posts'], 'ldefault_lang'=>$lng['default_lang'], 'default_lang'=>Admin_Over::ListDir('lngs', $userinfo['default_lang']), 'l2default_lang'=>$lng['select_lang'], 'ldefault_skin'=>$lng['default_skin2'], 'default_skin'=>Admin_Over::ListDir('skins', $userinfo['default_skin']), 'l2default_skin'=>$lng['select_skin'], 'lapr'=>$lng['avatar_settings'], 'lsubmit'=>$lng['save'], 'allow'=>$lng['allow'], 'lreset'=>$lng['reset'], 'nick'=>$userinfo['nick'], 'user'=>$lng['user'], 'lallow_shoutbox'=>$lng['allow_shoutbox'], 'allow_shoutbox'=>($userinfo['view_shoutbox']==1) ? 'checked="checked"' : '', //options profile 'sig'=>$userinfo['sig'], 'avatar'=>$userinfo['avatar'], 'interests'=>$userinfo['interests'], 'email'=>$userinfo['email'], 'gg'=>$userinfo['gg'], //options values 'option_no_gg'=>($userinfo['allow_gg']==0) ? 'checked="checked"' : '', 'option_no_email'=>($userinfo['allow_email']==0) ? 'checked="checked"' : '', 'option_no_qr'=>($userinfo['allow_qr']==0) ? 'checked="checked"' : '', 'option_yes_gg'=>($userinfo['allow_gg']==1) ? 'checked="checked"' : '', 'option_yes_email'=>($userinfo['allow_email']==1) ? 'checked="checked"' : '', 'option_yes_qr'=>($userinfo['allow_qr']==1) ? 'checked="checked"' : '', 'option_no_ua'=>($userinfo['active']==0) ? 'checked="checked"' : '', 'option_yes_ua'=>($userinfo['active']==1) ? 'checked="checked"' : '', //user rank 'option_0_rank'=>($userinfo['rank']==0) ? 'checked="checked"' : '', 'option_1_rank'=>($userinfo['rank']==1) ? 'checked="checked"' : '', 'option_2_rank'=>($userinfo['rank']==2) ? 'checked="checked"' : '', 'no'=>$lng['no'], 'lavfile'=>$lng['avatar_file'], 'yes'=>$lng['yes'] ); if ($msg=='') { $msg = './template/blank.tpl'; } Admin_Over::GenerateHeader(); include('./template/user_edit_body.tpl'); include('./template/overall_footer.tpl');; break; } case 'view': { if (isset($_GET['page'])&&($_GET['page']!=1)) { if (!is_numeric($_GET['page'])) { die('Hacking attempt'); } $value = ($_GET['page']-1)*30; $limit = 'LIMIT '.$value . ', 30'; $page = $_GET['page']; } else { $limit = 'LIMIT 0, 30'; $page=1; } $count = DataBase::fetch(DataBase::sql_query("SELECT COUNT(`u_id`) as `u_id` FROM ".USERS_TABLE,GENERAL,'Could not obtain count amout of users')); $count = $count['u_id']; $count = ceil($count /30); if(isset($_GET['page']) && ($_GET['page']>$count)) { message_forum($lng['invalidpage'],'admin_users.php'); } if (isset($_COOKIE['users_desc'], $_POST['desc'])) { unset($_COOKIE['users_desc']); } if (isset($_POST['sort'],$_COOKIE['users_sort'])) { unset($_COOKIE['users_sort']); } if (!isset($_COOKIE['users_desc'])) { if (isset($_POST['desc'])) { switch($_POST['desc']) { case 'yes': { @setcookie('users_desc','desc',time()+3600); $_COOKIE['users_desc'] = 'desc'; $desc = 'DESC'; break; } case 'no': { @setcookie('users_desc','no',time()+3600); $_COOKIE['users_desc'] = 'no'; $desc = ''; break; } } } else { @setcookie('users_desc','no',time()+3600); $_COOKIE['users_desc'] = 'no'; $desc = ''; } } else { $desc = ($_COOKIE['users_desc']=='desc') ? 'DESC' : ''; } if (!isset($_COOKIE['users_sort'])) { if (isset($_POST['sort'])) { switch($_POST['sort']) { case 'regdate': { @setcookie('users_sort','regdate',time()+3600); $_COOKIE['users_sort'] = 'regdate'; break; } case 'lastvisit': { @setcookie('users_sort','lastvisit',time()+3600); $_COOKIE['users_sort'] = 'lastvisit'; break; } case 'uname': { @setcookie('users_sort','uname',time()+3600); $_COOKIE['users_sort'] = 'uname'; break; } case 'posts': { @setcookie('users_sort','posts',time()+3600); $_COOKIE['users_sort'] = 'posts'; break; } } } else { @setcookie('users_sort','regdate',time()+3600); $_COOKIE['users_sort'] = 'regdate'; } } //add skin variables $skin = array( 'ldesc' => $lng['desc'], 'lselectusers'=>$lng['sort_u_by'], 'ltitle'=>$lng['admin_users'], 'lregdate'=>$lng['luregister'], 'llastvisit'=>$lng['lulastvisit'], 'lposts'=>$lng['posts'], 'luname'=>$lng['user_name'], 'lgo'=>$lng['lgo'], 'desc_yes_option'=>(($_COOKIE['users_desc']=='desc') || ((isset ($_POST['desc'])) && ($_POST['desc']=='yes'))) ? 'selected="selected"' : '', 'desc_no_option'=>(($_COOKIE['users_desc']=='no') || ((isset ($_POST['desc'])) && ($_POST['desc']=='no'))) ? 'selected="selected"' : '', 'regdate_option'=>(($_COOKIE['users_sort']=='regdate') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '', 'lastvisit_option'=>(($_COOKIE['users_sort']=='lastvisit') || ((isset ($_POST['sort'])) && ($_POST['sort']=='lastvisit'))) ? 'selected="selected"' : '', 'posts_option'=>(($_COOKIE['users_sort']=='posts') || ((isset ($_POST['sort'])) && ($_POST['sort']=='posts'))) ? 'selected="selected"' : '', 'uname_option'=>(($_COOKIE['users_sort']=='uname') || ((isset ($_POST['sort'])) && ($_POST['sort']=='uname'))) ? 'selected="selected"' : '', 'lyes'=>$lng['yes'], 'lno'=>$lng['no'] ); //do it! Admin_Over::GenerateHeader(); include('./template/users_beam_body.tpl'); switch($_COOKIE['users_sort']) { case 'regdate': { $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `regdate` $desc $limit;"; break; } case 'lastvisit': { $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `lastvisit` $desc $limit;"; break; } case 'uname': { $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `nick` $desc $limit;"; break; } case 'posts': { $sql = "SELECT `u_id`,`nick`, `rank`, `regdate`, `lastvisit`, `posts` FROM `".USERS_TABLE."` WHERE `u_id`>0 ORDER BY `posts` $desc $limit;"; break; } } $query = DataBase::sql_query($sql,CRITICAL,'Could not obtain user information.'); while($result = DataBase::fetch($query)) { $skin = array( 'id'=>$result['u_id'], 'uname'=>Topic::UserName($result['nick'], $result['rank']), 'regdate'=>date('d-m-Y, G:i',$result['regdate']), 'lastvisit'=>($result['lastvisit']!='0') ? date('d-m-Y, G:i',$result['lastvisit']) : $lng['never'], 'posts'=>$result['posts'], 'c_del_user'=>$lng['c_delete_user'] ); include('./template/user_item_add_body.tpl'); } $skin = array( 'option_pages'=>Admin_Over::ListPages($page, $count), 'lwith'=>$lng['with'], 'lpage'=>$lng['page'], 'lpages'=>$count ); include('./template/users_end_body.tpl'); include('./template/overall_footer.tpl'); break; } default: { header('Location: admin_users.php?mode=view'); break; } } ?>