<?php /*====================================================================================
SamNews [http://samjlevy.com/samnews], open-source PHP social news application
sam j levy [http://samjlevy.com]
This program is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this
program. If not, see <http://www.gnu.org/licenses/>.
====================================================================================*/
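include('config.php');

// The login of the user being edited comes from the URL. An absent or unknown
// login yields an empty result set, which falls through to the redirect below.
$target_login = isset($_GET['user']) ? $_GET['user'] : '';
$user_result = samq("users", "id,login,email,about,perm_mod,perm_admin,post_count,comment_count,vote_count,forgot_key", NULL, "login = '" . esc($target_login) . "'");
$target = !empty($user_result) ? $user_result[0] : null;

// access 3 = admin (may edit anyone); access 2 = moderator (may edit plain users only).
$access = isset($_SESSION['access']) ? (int) $_SESSION['access'] : 0;
$is_admin = ($access == 3);
$can_edit = ($target !== null)
    && ($is_admin || ($access == 2 && $target['perm_mod'] != 1 && $target['perm_admin'] != 1));

if ($can_edit) {
    // handle form submit
    if (isset($_POST['email'])) {
        $error = 0;
        $error_msg = [];
        // validate fields
        if (trim($_POST['email']) == "") {
            $error = 1;
            $error_msg[] = "email cannot be blank";
        } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            $error = 1;
            $error_msg[] = "invalid email";
        }
        if ($error == 0) {
            // collect the SET clauses and join them once, so no trailing-comma juggling is needed
            $set = [];
            $password = isset($_POST['password']) ? $_POST['password'] : '';
            // trim() the field, not the comparison result (the original trimmed a bool)
            if (trim($password) != "") {
                // unsalted sha1() is what the login check elsewhere compares against;
                // moving to password_hash()/password_verify() must be done together with that check
                $set[] = "password = '" . sha1($password) . "'";
            }
            $set[] = "email = '" . esc($_POST['email']) . "'";
            $about = isset($_POST['about']) ? $_POST['about'] : '';
            $set[] = "about = " . ((trim($about) != "") ? "'" . esc($about) . "'" : "NULL");
            // Only an admin may change permissions. The select is disabled in the form for
            // moderators, but "disabled" is client-side only: without this server-side check a
            // moderator could promote a user by posting the field directly.
            if ($is_admin) {
                $permission = isset($_POST['permission']) ? trim($_POST['permission']) : '';
                if ($permission == "perm_mod") {
                    $set[] = "perm_mod = 1";
                    $set[] = "perm_admin = 0";
                } elseif ($permission == "perm_admin") {
                    $set[] = "perm_mod = 0";
                    $set[] = "perm_admin = 1";
                } else {
                    $set[] = "perm_mod = 0";
                    $set[] = "perm_admin = 0";
                }
            }
            // The counters are integer columns in an unquoted SQL position, so cast to int
            // rather than splicing escaped text in; an empty field still becomes 0.
            $set[] = "post_count = " . (isset($_POST['post_count']) ? (int) $_POST['post_count'] : 0);
            $set[] = "comment_count = " . (isset($_POST['comment_count']) ? (int) $_POST['comment_count'] : 0);
            $set[] = "vote_count = " . (isset($_POST['vote_count']) ? (int) $_POST['vote_count'] : 0);
            $user_update = "UPDATE users SET " . implode(", ", $set) . " WHERE id = " . (int) $target['id'];
            // passed check, execute update
            samq_c($user_update);
            $success = "user has been edited";
        }
    }
    include('head.php');
?>
<br />
<div class="content">
<span class="page_title">edit user</span><br />
<?php
    // echo error message
    if (isset($error) && $error == 1) {
        echo "<br /><div class='error'>";
        foreach ($error_msg as $msg) {
            echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . "<br />";
        }
        echo "</div><br />";
    }
    // the login is reflected into attributes below, so escape it once for HTML attribute context
    $login_html = htmlspecialchars($target_login, ENT_QUOTES, 'UTF-8');
    // echo success message, otherwise render the edit form
    if (isset($success)) {
        echo "<br /><div class='success'>" . $success . "</div><br /><br /><a href='" . SITE_URL . "/u/" . $login_html . "'>done</a>";
    } else {
?>
<form method="post" action="<?php echo SITE_URL; ?>/edit/u/<?php echo $login_html; ?>">
<?php foreach ($user_result as $e) {
    // escape every column once for attribute context; NULL columns render as empty
    $h = [];
    foreach ($e as $col => $val) {
        $h[$col] = ($val === null) ? '' : htmlspecialchars(trim($val), ENT_QUOTES, 'UTF-8');
    }
?>
<table class="admin_table" width="500">
<tr><td><strong>id</strong><br /><input type="text" name="id" style="width:98%;" value="<?php echo $h['id']; ?>" disabled /></td></tr>
<tr><td><strong>login</strong><br /><input type="text" name="login" maxlength="12" style="width:98%;" value="<?php echo $h['login']; ?>" disabled /></td></tr>
<tr><td><strong>password</strong><br /><input type="text" name="password" maxlength="45" style="width:98%;" /></td></tr>
<tr><td><strong>email</strong><br /><input type="text" name="email" maxlength="150" style="width:98%;" value="<?php echo $h['email']; ?>" /></td></tr>
<tr><td><strong>about</strong><br /><input type="text" name="about" maxlength="255" style="width:98%;" value="<?php echo $h['about']; ?>" /></td></tr>
<?php // "selected" must test the flag's value: isset() is true for 0 as well, which pre-selected "admin" for everyone ?>
<tr><td><strong>permission</strong><br /><select name="permission"<?php if (!$is_admin) echo " disabled"; ?>><option>user</option><option<?php if (!empty($e['perm_mod'])) echo " selected='selected'"; ?> value="perm_mod">moderator</option><option<?php if (!empty($e['perm_admin'])) echo " selected='selected'"; ?> value="perm_admin">admin</option></select></td></tr>
<tr><td><strong>post count</strong><br /><input type="text" name="post_count" style="width:98%;" value="<?php echo $h['post_count']; ?>" /></td></tr>
<tr><td><strong>comment count</strong><br /><input type="text" name="comment_count" style="width:98%;" value="<?php echo $h['comment_count']; ?>" /></td></tr>
<tr><td><strong>vote count</strong><br /><input type="text" name="vote_count" style="width:98%;" value="<?php echo $h['vote_count']; ?>" /></td></tr>
<tr><td><strong>forgot key</strong><br /><input type="text" name="forgot_key" style="width:98%;" value="<?php echo $h['forgot_key']; ?>" disabled /></td></tr>
</table>
<?php } ?>
<br />
<input type="button" value="cancel" onClick="location.href='<?php echo SITE_URL . "/ulist"; ?>'" />
<input type="submit" name="submit" value="submit" />
</form>
<?php } ?>
</div>
<br /><br />
<?php
    include('foot.php');
} else {
    // not signed in, insufficient access, or no such user: send back to the front page
    header("Location: " . SITE_URL);
    die();
}
?>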