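<?php
/**
 * Admin page for the `users` table: paginated listing, profile edit form,
 * profile update, ban / unban, and delete (with a confirmation step).
 *
 * The action is selected by $_GET['act'] (default "index").
 *
 * $ddostup, $dlogin, $setlogadm, $num and check() are not defined in this file;
 * presumably they come from the ../system/ includes below (verify there).
 *
 * Security notes:
 *  - Every request value that reaches SQL is cast to int or escaped, and every
 *    value echoed into HTML is escaped.
 *  - NOTE(review): ban / razban / del change state on a plain GET link and the
 *    edit form carries no anti-CSRF token. Closing that needs a per-session
 *    token checked on every state-changing action, which is a site-wide change.
 *  - NOTE(review): the mysql_* extension is kept because the connection is opened
 *    in connect.php; moving to prepared statements (PDO/mysqli) has to start there.
 *  - NOTE(review): htmlspecialchars() is called with 'UTF-8'; confirm this matches
 *    the site's page encoding. double_encode is off so values that check() may
 *    already have entity-encoded are not encoded a second time.
 */
require_once "../system/connect.php";
require_once "../system/config.php";
require_once "../system/functions.php";
require_once "../system/dannuser.php";
require_once "../system/start.php";

// Redirect visitors without a session before this script prints anything itself.
if (!isset($_SESSION['slogin'], $_SESSION['spass']) || $_SESSION['slogin'] == '' || !$_SESSION['spass']) {
    Header("Location:index.php");
    exit;
}

echo '<title>редактирование юзеров</title>';

if ($ddostup == 1) {
    if (empty($_GET['act'])) {
        $_GET['act'] = "index";
    }
    $act = $_GET['act'];

    if ($act === "index") {
        // Pagination offset comes from the URL: force a non-negative integer
        // before it is interpolated into LIMIT.
        $start = empty($_GET['start']) ? 0 : max(0, intval($_GET['start']));
        $perPage = intval($num);

        $skolkouser = mysql_query("SELECT COUNT(*) FROM `users`;");
        // Read the count from the result handle that was actually assigned above.
        $countuser = $skolkouser ? intval(mysql_result($skolkouser, 0)) : 0;

        $q = mysql_query("SELECT * FROM `users` ORDER BY `datareg` DESC LIMIT $start,$perPage;");
        while ($q && ($user = mysql_fetch_array($q))) {
            // Stored values are escaped on output: a login containing markup
            // would otherwise run in the administrator's browser.
            $uid = intval($user['id']);
            $login = htmlspecialchars($user['login'], ENT_QUOTES, 'UTF-8', false);

            echo "<a href=\"../pages/anketa.php?id=$login\">$login</a><br> <a href=\"edituser.php?act=edit&id=$uid\">[edit]</a> <a href=\"edituser.php?act=deluser&id=$uid\">[del] </a>";
            if ($user['ban'] == 0) {
                echo "<a href=\"edituser.php?act=ban&id=$uid\"> [бан]</a><br><br>";
            } else {
                echo "<a href=\"edituser.php?act=razban&id=$uid\">[разбан]</a><br><br>";
            }
        }

        if ($start != 0) {
            echo '<a href="edituser.php?start=' . max(0, $start - $perPage) . '">назад</a>';
        } else {
            echo 'назад';
        }
        echo ' | ';
        if ($countuser > $start + $perPage) {
            echo '<a href="edituser.php?start=' . ($start + $perPage) . '">далее</a>';
        } else {
            echo 'далее';
        }
    } elseif ($act === "edit") {
        $id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
        if (!ctype_digit($id)) die("id должен быть числом!");

        // $id is digits only at this point, so it is safe inside the query.
        $q = mysql_query("SELECT * FROM `users` WHERE `id`='" . $id . "';");
        $arr = $q ? mysql_fetch_array($q) : false;
        if (($arr['dostup'] == 1) && ($dlogin != $setlogadm)) die("нельзя редактировать админов!");

        $isAdmin = ($arr['dostup'] == 1);
        $edos = $isAdmin ? "админ" : "юзер";
        // The preselected option must carry the numeric level: the update handler
        // runs intval() on it, so a text label would be saved as 0 and silently
        // demote an admin whose level was left untouched.
        $edosValue = $isAdmin ? '1' : '0';

        $name = htmlspecialchars($arr['name'], ENT_QUOTES, 'UTF-8', false);
        $icq = htmlspecialchars($arr['icq'], ENT_QUOTES, 'UTF-8', false);
        $datareg = htmlspecialchars($arr['datareg'], ENT_QUOTES, 'UTF-8', false);
        $otkuda = htmlspecialchars($arr['otkuda'], ENT_QUOTES, 'UTF-8', false);
        $dataroz = htmlspecialchars($arr['dataroz'], ENT_QUOTES, 'UTF-8', false);

        echo '<form action="edituser.php?act=ok" method="post">';
        echo "Досуп:<br>";
        echo '<select name="edostup">';
        echo '<option value="' . $edosValue . '">' . $edos . '';
        echo '<option value="1">админ';
        echo '<option value="0">юзер';
        echo '</select>';
        echo '<input type="hidden" name="id" value="' . $id . '"><br>'
            . ' Имя:<br><input type="text" name="uname" value="' . $name . '" maxlength="15"><br>'
            . ' ICQ:<br><input type="text" name="uicq" value="' . $icq . '" maxlength="10"><br>'
            . ' Дата реги:<br><input type="text" name="udatareg" value="' . $datareg . '" maxlength="10"><br>'
            . ' Откуда:<br><input type="text" name="uotkuda" value="' . $otkuda . '" maxlength="50"><br>'
            . ' Дата рождение:<br><input type="text" name="udataroz" value="' . $dataroz . '" maxlength="10"><br>'
            . ' <input type="submit" name="sub" value="изменить"></form><br>';
    } elseif ($act === "ok") {
        $id = intval(isset($_POST['id']) ? $_POST['id'] : 0);

        // Repeat the edit form's admin guard here: the form check alone does not
        // protect the row, because this handler can be posted to directly.
        $q = mysql_query("SELECT `dostup` FROM `users` WHERE `id`='" . $id . "';");
        $target = $q ? mysql_fetch_array($q) : false;
        if ($target && ($target['dostup'] == 1) && ($dlogin != $setlogadm)) die("нельзя редактировать админов!");

        $uicq = intval($_POST['uicq']);
        $edostup = intval($_POST['edostup']);
        $uname = check($_POST['uname']);
        $udatareg = check($_POST['udatareg']);
        $uotkuda = check($_POST['uotkuda']);
        $udataroz = check($_POST['udataroz']);

        // preg_match replaces the removed ereg(); the pattern is anchored so the
        // whole value has to be a d.m.y date, not merely contain one.
        preg_match('/^([0-9]{1,2})\.([0-9]{1,2})\.([0-9]{2,4})\z/', $udataroz) or die("Неверный формат даты!");

        $update = mysql_query(
            "UPDATE `users` SET `dostup`='" . $edostup
            . "', `name`='" . mysql_real_escape_string($uname)
            . "',`datareg`='" . mysql_real_escape_string($udatareg)
            . "',`otkuda`='" . mysql_real_escape_string($uotkuda)
            . "', `icq`='" . $uicq
            . "', `dataroz`='" . mysql_real_escape_string($udataroz)
            . "' WHERE `id`='" . $id . "';"
        );
        if ($update) {
            echo "профиль изменен!<br>";
        } else {
            echo "Изменение не удались!<br>";
        }
    } elseif ($act === "ban") {
        $id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
        $ban = mysql_query("UPDATE `users` SET `ban`='1' WHERE `id`='" . $id . "';");
        if ($ban) {
            echo "Юзер забанен!<br>";
        }
    } elseif ($act === "razban") {
        // The id is cast to int like in the other actions; it used to be
        // concatenated into the UPDATE exactly as received.
        $id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
        $razban = mysql_query("UPDATE `users` SET `ban`='0' WHERE `id`='" . $id . "';");
        if ($razban) {
            echo "Юзер разбанен!<br>";
        }
    } elseif ($act === "deluser") {
        // Confirmation step: the id is echoed back into a link, so it is cast
        // to int instead of being reflected as received.
        $id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
        echo "Вы уверены?<br> <a href=\"edituser.php?act=del&id=" . $id . "\">Да</a> | <a href=\"edituser.php\">Нет</a><br>";
    } elseif ($act === "del") {
        $id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
        $delete_user = mysql_query("DELETE FROM `users` WHERE `id`='" . $id . "' LIMIT 1;");
        if ($delete_user) {
            echo "Юзер удален!<br>";
        }
    }
} else {
    echo "У вас нет прав для редактирования юзеров!<br>";
}

require_once "../foot.php";
?>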