Просмотр файла vavok-1.5.3/adminpanel/users.php

Конкурс дизайнеров на 15000 рублей
СЕРВИС ИНТЕРНЕТ РЕКЛАМЫ
Размер файла: 11.89Kb 
  1. <?php 
  2. // (c) vavok.net
  3. require_once"../include/startup.php";
  4.  
  5. if (!$users->is_reg() || !$users->is_administrator()) { redirect_to('./?error=noauth'); }
  6.  
  7. if (!empty($_GET['action'])) {
  8.     $action = check($_GET["action"]);
  9. } else {
  10.     $action = '';
  11. } 
  12. if (!empty($_POST['users'])) {
  13.     $user = check($_POST['users']);
  14. } elseif (!empty($_GET['users'])) {
  15.     $user = check($_GET['users']);
  16. } else { $user = ''; }
  17.  
  18. $users_id = $users->getidfromnick($user);
  19.  
  20. require_once BASEDIR . "themes/" . MY_THEME . "/index.php";
  21.  
  22. if (empty($action)) {
  23.     echo '<form method="post" action="users.php?action=edit">';
  24.     echo $lang_admin['chooseuser'] . ':<br>';
  25.     echo '<input type="text" name="users" maxlength="20" /><br><br>';
  26.     echo '<input value="' . $lang_admin['showdata'] . '" type="submit" /></form><hr>';
  27. }
  28.  
  29. // change profile
  30. if ($action == "edit") {
  31.  
  32.     if (!empty($user)) {
  33.  
  34.         $userexists = $db->get_data('vavok_users', "name='{$user}'");
  35.  
  36.         if (!empty($userexists['name'])) {
  37.  
  38.             $userx_id = $users->getidfromnick($user);
  39.             $about_userx = $db->get_data('vavok_about', "uid='" . $userx_id . "'", 'city, about, email, site, rname');
  40.             $userx_profil = $db->get_data('vavok_profil', "uid='" . $userx_id . "'", 'perstat, regdate, subscri, regche, allban, lastvst');
  41.             $show_userx = $db->get_data('vavok_users', "id='" . $userx_id . "'", 'perm, browsers, banned, ipadd');
  42.             
  43.             if (!empty($userx_id)) {
  44.  
  45.                 echo '<img src="../images/img/profiles.gif" alt=""> ' . $lang_admin['usrprofile'] . ' ' . $user . '<br>';
  46.  
  47.                 if ($users->show_username() != $config["adminNick"] && $user == $config["adminNick"]) {
  48.                     echo '<br>' . $lang_admin['noauthtoedit'] . '!<br>';
  49.                     require_once BASEDIR . "themes/" . MY_THEME . "/foot.php";
  50.                     exit;
  51.                 } 
  52.  
  53.                 if (($users->show_username() != $config["adminNick"]) && ($show_userx['perm'] == 101 || $show_userx['perm'] == 102 || $show_userx['perm'] == 103 || $show_userx['perm'] == 105) && $users->show_username() != $user) {
  54.                     echo '<br>' . $lang_admin['noauthtoban'] . '!<br>';
  55.                     require_once BASEDIR . "themes/" . MY_THEME . "/foot.php";
  56.                     exit;
  57.                 } 
  58.                 $casenick = strcasecmp($user, $users->show_username());
  59.                 if ($casenick == 0) {
  60.                     echo '<b><font color="red">' . $lang_admin['myprofile'] . '!</font></b><br><br>';
  61.                 } 
  62.  
  63.                 echo '<form method="post" action="users.php?action=upgrade&amp;users=' . $user . '">';
  64.  
  65.                 $userx_access = (int)$show_userx['perm'];
  66.  
  67.                 if ($_SESSION['permissions'] == 101 && $users->show_username() == $config["adminNick"]) {
  68.                     $array_dostup = array(101 => "" . $lang_home['access101'] . "", 102 => "" . $lang_home['access102'] . "", 103 => "" . $lang_home['access103'] . "", 105 => "" . $lang_home['access105'] . "", 106 => "" . $lang_home['access106'] . "", 107 => "" . $lang_home['access107'] . "");
  69.                     if ($userx_access == "0" || empty($userx_access)) {
  70.                         $userx_access = "107";
  71.                     } 
  72.  
  73.                     echo $lang_admin['accesslevel'] . ':<br>';
  74.                     echo '<select name="udd7"><option value="' . $userx_access . '">' . $array_dostup[$userx_access] . '</option>';
  75.  
  76.                     foreach($array_dostup as $k => $v) {
  77.                         if ($k != $userx_access) {
  78.                             echo '<option value="' . $k . '">' . $v . '</option>';
  79.                         } 
  80.                     } 
  81.                     echo '</select><br>';
  82.                 } 
  83.  
  84.                 // website permitions for various sections
  85.                 if (file_exists('specperm.php')) {
  86.                     echo '<a href="specperm.php?users=' . $userx_id . '" class="btn btn-outline-primary sitelink">Special permitions</a><br />';
  87.                 }
  88.  
  89.                 echo $lang_admin['newpassinfo'] . ':<br><input name="udd1" /><br>';
  90.                 echo $lang_admin['city'] . ':<br><input name="udd2" value="' . $about_userx['city'] . '" /><br>';
  91.                 echo $lang_admin['aboutyou'] . ':<br><input name="udd3" value="' . $about_userx['about'] . '" /><br>';
  92.                 echo 'Email:<br><input name="udd4" value="' . $about_userx['email'] . '" /><br>';
  93.                 echo $lang_admin['site'] . ':<br><input name="udd5" value="' . $about_userx['site'] . '" /><br>'; 
  94.                 // echo $lang_admin['regdate'] . ':<br><input name="udd6" value="' . date_fixed(check($userx_profil[1]), "d.m.Y") . '" /><br>';
  95.                 echo $lang_admin['browser'] . ':<br><input name="udd13" value="' . $show_userx['browsers'] . '" /><br>';
  96.                 echo $lang_admin['name'] . ':<br><input name="udd29" value="' . $about_userx['rname'] . '" /><br>';
  97.                 echo $lang_admin['perstatus'] . ':<br><input name="udd40" value="' . $userx_profil['perstat'] . '" /><br>';
  98.  
  99.                 echo $lang_admin['sitenews'] . ': ';
  100.                 if ($userx_profil['subscri'] == "1") {
  101.                     echo '<b>' . $lang_admin['subscribed'] . '</b><br>';
  102.                 } else {
  103.                     echo '<b>' . $lang_admin['notsubed'] . '</b><br>';
  104.                 } 
  105.                 if ($show_userx['banned'] == "1") {
  106.                     echo '<font color="#FF0000"><b>' . $lang_admin['confban'] . '</b></font><br>';
  107.                 } 
  108.                 if ($userx_profil['regche'] == "1") {
  109.                     echo '<font color="#FF0000"><b>' . $lang_admin['notactivated'] . '</b></font><br>';
  110.                 } 
  111.                 echo '' . $lang_admin['numbbans'] . ': <b>' . (int)$userx_profil['allban'] . '</b><br>';
  112.                 echo $lang_admin['lastvst'] . ': <b>' . date_fixed($userx_profil['lastvst'], 'j.m.Y. / H:i') . '</b><br>';
  113.                 echo 'IP: <b>' . $show_userx['ipadd'] . '</b><br>';
  114.  
  115.                 echo '<br><input value="' . $lang_home['save'] . '" type="submit" /></form><hr>';
  116.  
  117.                 if ($userx_access < 101 || $userx_access > 105) {
  118.                     echo '<b><a href="users.php?action=poddel&amp;users=' . $user . '" class="btn btn-outline-primary sitelink">' . $lang_admin['deluser'] . '</a></b>';
  119.                 } 
  120.             } else {
  121.                 echo $lang_admin['usrnoexist'] . '!';
  122.             } 
  123.         } else {
  124.             echo $lang_admin['usrnoexist'] . '!';
  125.         } 
  126.     } else {
  127.         echo $lang_admin['usrnoexist'] . '!';
  128.     } 
  129.  
  130.     echo '<br><a href="users.php" class="btn btn-outline-primary sitelink">' . $lang_home['back'] . '</a>';
  131. }
  132.  
  133. // update changes
  134. if ($action == "upgrade") {
  135.  
  136.     $udd1 = isset($_POST['udd1']) ? check($_POST['udd1']) : '';
  137.     $udd2 = isset($_POST['udd2']) ? check($_POST['udd2']) : '';
  138.     $udd3 = isset($_POST['udd3']) ? check($_POST['udd3']) : '';
  139.     $udd4 = isset($_POST['udd4']) ? check($_POST['udd4']) : '';
  140.     $udd5 = isset($_POST['udd5']) ? check($_POST['udd5']) : '';
  141.     $udd6 = isset($_POST['udd6']) ? check($_POST['udd6']) : '';
  142.     $udd7 = isset($_POST['udd7']) ? check($_POST['udd7']) : ''; // access level
  143.     $udd8 = isset($_POST['udd8']) ? check($_POST['udd8']) : '';
  144.     $udd9 = isset($_POST['udd9']) ? check($_POST['udd9']) : '';
  145.     $udd10 = isset($_POST['udd10']) ? check($_POST['udd10']) : '';
  146.     $udd11 = isset($_POST['udd11']) ? check($_POST['udd11']) : '';
  147.     $udd12 = isset($_POST['udd12']) ? check($_POST['udd12']) : '';
  148.     $udd13 = isset($_POST['udd13']) ? check($_POST['udd13']) : '';
  149.     $udd29 = isset($_POST['udd29']) ? check($_POST['udd29']) : '';
  150.     $udd40 = isset($_POST['udd40']) ? check($_POST['udd40']) : '';
  151.     $udd43 = isset($_POST['udd43']) ? check($_POST['udd43']) : '';
  152.  
  153.     if ($users->validate_email($udd4)) {
  154.  
  155.         if (empty($udd5) || validateURL($udd5) === true) {
  156.  
  157.             $users_id = $users->getidfromnick($user);
  158.  
  159.             if (!empty($users_id)) {
  160.                 if (!empty($udd6)) {
  161.                     list($uday, $umonth, $uyear) = explode(".", $udd6);
  162.                     $udd6 = mktime('0', '0', '0', $umonth, $uday, $uyear);
  163.                 }
  164.  
  165.                 // update profil
  166.                 $userx_pass = $db->get_data('vavok_users', "id='{$users_id}'", 'pass');
  167.  
  168.                 if ($udd1 != "") {
  169.                     $newpass = $users->password_encrypt($udd1);
  170.                 } 
  171.  
  172.                 if (!empty($newpass)) {
  173.                     $db->update('vavok_users', 'pass', no_br($newpass), "id='{$users_id}'");
  174.                 }
  175.  
  176.                 // access level
  177.                 if (!empty($udd7)) {
  178.                     $db->update('vavok_users', 'perm', (int)$udd7, "id='{$users_id}'");
  179.                 }
  180.  
  181.                 if ($udd7 == 101 || $udd7 == 102 || $udd7 == 103 || $udd7 == 105 || $udd7 == 106) {
  182.  
  183.                     // Insert data to database if does not exsist
  184.                     if ($db->count_row('specperm', "permname='adminpanel' AND uid='{$users_id}'") < 1) {
  185.  
  186.                         $values = array(
  187.                             'permname' => 'adminpanel',
  188.                             'permacc' => 'show',
  189.                             'uid' => $users_id
  190.                         );
  191.                         // Insert data to database
  192.                         $db->insert_data('specperm', $values);
  193.  
  194.                     }
  195.  
  196.                 }
  197.  
  198.  
  199.                 $db->update('vavok_users', 'browsers', no_br(check($udd13)), "id='{$users_id}'");
  200.  
  201.                 $fields = array('city', 'about', 'email', 'site', 'rname');
  202.                 $values = array(no_br(check($udd2)), check($udd3), no_br(htmlspecialchars(stripslashes(strtolower($udd4)))), no_br(check($udd5)), no_br(check($udd29)));
  203.                 $db->update('vavok_about', $fields, $values, "uid='" . $users_id . "'");
  204.                 
  205.                 $db->update('vavok_profil', 'perstat', no_br(check($udd40)), "uid='{$users_id}'");
  206.  
  207.                 echo $lang_admin['usrdataupd'] . '!<br>';
  208.  
  209.                 if (!empty($udd1)) {
  210.                     echo '<font color=red>' . $lang_admin['passchanged'] . ': ' . $udd1 . '</font> <br>';
  211.                 } 
  212.                 echo '<a href="users.php" class="btn btn-outline-primary sitelink">' . $lang_admin['changeotheruser'] . '</a><br>';
  213.             } else {
  214.                 echo $lang_admin['usrnoexist'] . '!<br>';
  215.             }
  216.         } else {
  217.             echo $lang_admin['urlnotok'] . '!<br>';
  218.         } 
  219.     } else {
  220.         echo $lang_admin['emailnotok'] . '<br>';
  221.     } 
  222.     echo '<br><a href="users.php?action=edit&amp;users=' . $user . '" class="btn btn-outline-primary sitelink">' . $lang_home['back'] . '</a>';
  223. } 
  224.  
  225. // confirm delete
  226. if ($action == "poddel") {
  227.     echo $lang_admin['confusrdel'] . ' <b>' . $user . '</b>?<br><br>';
  228.     echo '<b><a href="users.php?action=deluser&amp;users=' . $user . '" class="btn btn-outline-primary sitelink">' . $lang_admin['deluser'] . '</a></b>';
  229.  
  230.     echo '<br><a href="users.php?action=edit&amp;users=' . $user . '" class="btn btn-outline-primary sitelink">' . $lang_home['back'] . '</a>';
  231. } 
  232.  
  233. // delete user
  234. if ($action == "deluser") {
  235.     if ($user != $config["adminNick"]) {
  236.         $userx_id = $users->getidfromnick($user);
  237.         $show_userx = $db->get_data('vavok_users', "id='" . $userx_id . "'", 'perm');
  238.  
  239.         if ($show_userx['perm'] < 101 || $show_userx['perm'] > 105) {
  240.             $users->delete_user($user);
  241.             echo $lang_admin['usrdeleted'] . '!<br>';
  242.  
  243.             echo '<br><a href="users.php" class="btn btn-outline-primary sitelink">' . $lang_admin['changeotheruser'] . '</a><br>';
  244.         } else {
  245.             echo $lang_admin['noaccessdel'] . '<br>';
  246.             echo '<br><a href="users.php?action=edit&amp;users=' . $user . '" class="btn btn-outline-primary sitelink">' . $lang_home['back'] . '</a>';
  247.         } 
  248.     } 
  249. } 
  250.  
  251. echo '<p><a href="index.php" class="btn btn-outline-primary sitelink">' . $lang_home['admpanel'] . '</a><br>';
  252. echo '<a href="../" class="btn btn-primary homepage">' . $lang_home['home'] . '</a></p>';
  253.  
  254.  
  255. require_once BASEDIR . "themes/" . MY_THEME . "/foot.php";
  256. ?>