<?php
	/*
	MGB 0.6.x - OpenSource PHP and MySql Guestbook
	Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
	*/

	// ================== //
	// edit_users.inc.php //
	// ================== //
	//
	// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //

	// User administration page of the admin panel. Depending on $_GET['mode'] it
	// edits or deletes an existing user ("edit"), creates a user ("adduser"), or
	// otherwise lists all users. The resulting HTML is left in $page_include.
	//
	// make sure nobody has direct access to this script
	// (ADMINISTRATION is not defined in this file; a request that reaches this
	// include without it gets error.html and the script stops)
	if (!defined('ADMINISTRATION'))
		{
		include ("error.html");
		die();
		}
	else
		{
		// Authorisation gate for everything below. check_rights() is defined elsewhere
		// and receives the requested action and the session user's ID.
		// NOTE(review): presumably it limits this action to administrators - confirm,
		// because the edit branch below can change any user's level and rights.
		if(check_rights($_GET['action'], $_SESSION['ID']))
			{
			// load config, settings, template and language files
			require ("../includes/config.inc.php");
			require ("../includes/load_settings.inc.php");
			// NOTE(review): the include path is built from $settings['language_path'];
			// confirm that value is restricted to known language directories where it is
			// stored, since it selects which PHP file gets executed.
			require("../language/".$settings['language_path']."/lang_admin.php");
			require ("load_template_admin.inc.php");
			require ("../includes/functions.inc.php");

			// connect to database
			// The mysql_* extension used throughout was removed in PHP 7.0. Each call
			// suppresses warnings with @ and, on failure, die()s with mysql_error(), which
			// prints the raw database error to the client; logging it server-side and
			// showing a generic message would avoid disclosing schema details.
			$link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(edit_user.inc.php) Error, line 45: ".mysql_error());
			@mysql_select_db($db['dbname'], $link) or die ("(edit_user.inc.php) Error, line 46: ".mysql_error());

			// $ok == 1 means "show the user list at the end"; the form branches set it to 0
			$ok = 1;

			// ---------- mode=edit: change or delete the user given by $_GET['id'] ----------
			if (isset($_GET['mode']) AND $_GET['mode'] == "edit")
				{
				if(isset($_GET['id']))
					{
					// form was submitted
					if(isset($_POST['sent_edit_user']) AND $_POST['sent_edit_user'] == 1)
						{
						if(!isset($_POST['delete_user'])) { $_POST['delete_user'] = 0; }
						$_POST['delete_user'] = htmlspecialchars(stripslashes(strip_tags(trim($_POST['delete_user']))), ENT_QUOTES);
						if($_POST['delete_user'] == 1)
							{
							// check if user is able to change rights of the user
							// an admin can't revoke his own rights or delete himself
							// Re-authentication: the acting admin must supply their own password.
							// NOTE(review): unlike the other branches, old_password is passed here
							// without an isset() check and without cleanstr() - confirm login_ok()
							// treats both forms the same.
							if(login_ok(secure_value($_SESSION['username']), "", $_POST['old_password']))
								{
								// NOTE(review): the self-delete guard relies on $_SESSION['lock'] and
								// $_SESSION['edit_username'], which are written when the edit form is
								// rendered further down, not derived from the $_GET['id'] of this
								// request. Comparing the target ID with $_SESSION['ID'] here would not
								// depend on which form was displayed last.
								if($_SESSION['lock'] == 1 AND $_SESSION['edit_username'] == $_SESSION['username'])
									{
									$errorcode = 8; // user tried to lock or delete his own account
									$ok = 0;
									}
								}
							else
								{
								$errorcode = 5; // wrong password
								}

							if(!isset($errorcode))
								{
								// The ID is concatenated unquoted into the statement, so its safety
								// rests entirely on secure_value() (defined elsewhere).
								// NOTE(review): confirm it forces an integer; an (int) cast or a
								// prepared statement would make that explicit at the call site.
								$sql = "DELETE FROM ".$db['prefix']."user WHERE ID=".secure_value($_GET['id'])." LIMIT 1";
								@mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 78: ".mysql_error());
								}
							}
						else
							{
							// delete html code, php code and white spaces
							// cleanstr() is defined elsewhere; none of these keys is checked with
							// isset() first, so a partial submission raises undefined-index notices.
							$_POST['name'] = cleanstr($_POST['name']);
							$_POST['email'] = cleanstr($_POST['email']);
							$_POST['user_is_active'] = cleanstr($_POST['user_is_active']);
							$_POST['user_level'] = cleanstr($_POST['user_level']);
							$_POST['r_settings'] = cleanstr($_POST['r_settings']);
							$_POST['r_activate'] = cleanstr($_POST['r_activate']);
							$_POST['r_deactivate'] = cleanstr($_POST['r_deactivate']);
							$_POST['r_delete'] = cleanstr($_POST['r_delete']);
							$_POST['r_edit'] = cleanstr($_POST['r_edit']);
							$_POST['r_spam'] = cleanstr($_POST['r_spam']);
							$_POST['r_edit_smilies'] = cleanstr($_POST['r_edit_smilies']);
							// NOTE(review): passwords are also run through cleanstr() before being
							// checked and hashed; if cleanstr() strips or rewrites characters, the
							// stored hash is of the altered password - confirm against login_ok().
							$_POST['old_password'] = cleanstr($_POST['old_password']);
							$_POST['new_password_1'] = cleanstr($_POST['new_password_1']);
							$_POST['new_password_2'] = cleanstr($_POST['new_password_2']);

							// check if a new password is set
							// (only when BOTH new-password fields are filled; otherwise the password
							// is left unchanged without any message)
							if(!empty($_POST['new_password_1']) AND !empty($_POST['new_password_2']))
								{
								if(!empty($_POST['old_password']))
									{
									// the password checked is the acting (session) user's, not the edited user's
									if(login_ok(secure_value($_SESSION['username']), $_SESSION['ID'], $_POST['old_password']))
										{
										if($_POST['new_password_1'] == $_POST['new_password_2'])
											{
											if(strlen($_POST['new_password_1']) < $settings['password_min_length'])
												{
												$errorcode = 16; // new password is too short
												}
											else
												{
												// SQL fragment spliced into the UPDATE below.
												// md5() is a fast, unsalted digest and is not suitable for
												// password storage; password_hash()/password_verify() is the
												// maintained replacement, which would also require changing
												// login_ok() (not in this file).
												$pass = "`user_password` = '".md5($_POST['new_password_1'])."',";
												}
											}
										else
											{
											$errorcode = 6; // new passwords are not identical
											}
										}
									else
										{
										$errorcode = 5; // wrong or no old password
										}
									}
								else
									{
									$errorcode = 5; // wrong or no old password
									}
								}
							else
								{
								$pass = NULL;
								}

							// The checks below each overwrite $errorcode, so only the last failing
							// check is reported to the user.

							// check if email is valid
							if(!check_mail($_POST['email']))
								{
								$errorcode = 7; // no or no valid email
								}

							// name and email can't be empty
							if($_POST['name'] == "" OR $_POST['email'] == "")
								{
								$errorcode = 1; // necessary fields are empty
								}

							// check if user is able to change rights of the user
							// an admin can't revoke his own rights or delete himself
							// (user_level 1 is the moderator level, user_is_active 0 deactivates;
							// same session-based guard as in the delete branch above)
							if($_POST['user_level'] == 1 OR $_POST['user_is_active'] == 0)
								{
								if($_SESSION['lock'] == 1 AND $_SESSION['edit_username'] == $_SESSION['username'])
									{
									$errorcode = 8; // user tried to lock or delete his own account
									}
								}

							// check password
							// Every edit requires the acting user's current password, which also
							// means a forged cross-site request cannot succeed without it.
							if(login_ok("", secure_value($_SESSION['ID']), $_POST['old_password']))
								{
								if(!isset($errorcode) OR $errorcode == 0)
									{
									// save data to database
									// The POST values are concatenated into the statement inside single
									// quotes. Whether that is injection-safe depends on cleanstr()
									// escaping quotes and backslashes for MySQL, which is not visible
									// here - verify, or switch to prepared statements.
									// NOTE(review): user_level, user_is_active and the r_* flags are not
									// checked against an allow-list (0/1) before being stored.
									$sql = "UPDATE ".$db['prefix']."user SET
											`user_name` = '".$_POST['name']."',
											".$pass."
											`user_email` = '".$_POST['email']."',
											`user_is_active` = '".$_POST['user_is_active']."',
											`user_level` = '".$_POST['user_level']."',
											`r_settings` = '".$_POST['r_settings']."',
											`r_activate` = '".$_POST['r_activate']."',
											`r_deactivate` = '".$_POST['r_deactivate']."',
											`r_delete` = '".$_POST['r_delete']."',
											`r_edit` = '".$_POST['r_edit']."',
											`r_edit_smilies` = '".$_POST['r_edit_smilies']."',
											`r_spam` = '".$_POST['r_spam']."'
											WHERE ID=".secure_value($_GET['id'])." LIMIT 1";

									if ( @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, Line 180: ".mysql_error()) )
										{
										$saved_settings_successfull = 1;
										}
									// success: fall through to the user list
									$ok = 1;
									}
								else
									{
									$ok = 0;
									}
								}
							else
								{
								$errorcode = 5; // wrong password
								}
							}
						}

					// Render the edit form: on first display, or again after a failed submission
					if(!isset($_POST['sent_edit_user']) OR isset($errorcode))
						{
						// map the error code to its translated message
						if (isset($errorcode) AND $errorcode == 1) { $errormessage = $lang['errormessage1']; }
						if (isset($errorcode) AND $errorcode == 5) { $errormessage = $lang['errormessage5']; }
						if (isset($errorcode) AND $errorcode == 6) { $errormessage = $lang['errormessage6']; }
						if (isset($errorcode) AND $errorcode == 7) { $errormessage = $lang['errormessage7']; }
						if (isset($errorcode) AND $errorcode == 8) { $errormessage = $lang['errormessage8']; }
						if (isset($errorcode) AND $errorcode == 11) { $errormessage = $lang['errormessage11']; }
						if (isset($errorcode) AND $errorcode == 16) { $errormessage = $lang['errormessage16']; }
						// without an error the error-message template is blanked; with one,
						// $content_errormessage keeps whatever value was set outside this file
						if (!isset($errorcode)) { $errormessage = NULL; $content_errormessage = NULL; };

						// the form is always filled from the stored row, not from the rejected POST values
						$sql="SELECT * FROM ".$db['prefix']."user WHERE ID=".secure_value($_GET['id'])." LIMIT 1";
						$result = @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 210: ".mysql_error());

						// NOTE(review): no check that a row was found; an unknown ID leaves $user empty
						$user = mysql_fetch_array($result);
						
						$page_edit_user_single = $content_edit_user_single;

						$userID = $user['ID'];
						$user_name = $user['user_name'];
						$user_email = $user['user_email'];
						$user_level = $user['user_level'];
						$user_is_active = $user['user_is_active'];
						$r_settings = $user['r_settings'];
						$r_activate = $user['r_activate'];
						$r_deactivate = $user['r_deactivate'];
						$r_delete = $user['r_delete'];
						$r_edit = $user['r_edit'];
						$r_spam = $user['r_spam'];
						$r_edit_smilies = $user['r_edit_smilies'];

						// Remember in the session whether the displayed user is the acting user;
						// the submit handlers above read these two values for the self-lock guard.
						if($_SESSION['ID'] == $userID)
							{
							$_SESSION['lock'] = 1;
							$_SESSION['edit_username'] = $user_name;
							}
						else
							{
							$_SESSION['lock'] = 0;
							$_SESSION['edit_username'] = "";
							}

						// pre-select the <option> matching each stored flag (user_level 0 = administrator)
						if ($user_level == 0) { $selected_r_admin = " selected"; $selected_r_moderator = NULL; } else { $selected_r_admin = NULL; $selected_r_moderator = " selected"; }
						if ($user_is_active == 0) { $selected_user_is_active_0 = " selected"; $selected_user_is_active_1 = NULL; } else { $selected_user_is_active_0 = NULL; $selected_user_is_active_1 = " selected"; }
						if ($r_settings == 0) { $selected_r_settings_0 = " selected"; $selected_r_settings_1 = NULL; } else { $selected_r_settings_0 = NULL; $selected_r_settings_1 = " selected"; }
						if ($r_activate == 0) { $selected_r_activate_0 = " selected"; $selected_r_activate_1 = NULL; } else { $selected_r_activate_0 = NULL; $selected_r_activate_1 = " selected"; }
						if ($r_deactivate == 0) { $selected_r_deactivate_0 = " selected"; $selected_r_deactivate_1 = NULL; } else { $selected_r_deactivate_0 = NULL; $selected_r_deactivate_1 = " selected"; }
						if ($r_delete == 0) { $selected_r_delete_0 = " selected"; $selected_r_delete_1 = NULL; } else { $selected_r_delete_0 = NULL; $selected_r_delete_1 = " selected"; }
						if ($r_edit == 0) { $selected_r_edit_0 = " selected"; $selected_r_edit_1 = NULL; } else { $selected_r_edit_0 = NULL; $selected_r_edit_1 = " selected"; }
						if ($r_spam == 0) { $selected_r_spam_0 = " selected"; $selected_r_spam_1 = NULL; } else { $selected_r_spam_0 = NULL; $selected_r_spam_1 = " selected"; }
						if ($r_edit_smilies == 0) { $selected_r_edit_smilies_0 = " selected"; $selected_r_edit_smilies_1 = NULL; } else { $selected_r_edit_smilies_0 = NULL; $selected_r_edit_smilies_1 = " selected"; }

						// template() is defined elsewhere; each call takes a placeholder name, a
						// value and the page text and returns the updated page text.
						$page_edit_user_single = template("TEMPLATE_ERRORMESSAGE", $content_errormessage, $page_edit_user_single);
						$page_edit_user_single = template("ERRORMESSAGE", $errormessage, $page_edit_user_single);

						// translated labels
						$page_edit_user_single = template("LANG_ID", $lang['ID'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_NAME", $lang['name'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_EMAIL", $lang['email'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_ADMINISTRATOR", $lang['administrator'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_MODERATOR", $lang['moderator'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_USER_IS_ACTIVE", $lang['user_is_active'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_USER_TYPE", $lang['r_user_type'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_EDIT_USER_CAPTION_RIGHTS", $lang['edit_user_caption_rights'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_SETTINGS", $lang['r_settings'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_ACTIVATE", $lang['r_activate'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_DEACTIVATE", $lang['r_deactivate'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_DELETE", $lang['r_delete'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_EDIT", $lang['r_edit'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_SPAM", $lang['r_spam'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_R_EDIT_SMILIES", $lang['r_edit_smilies'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_EDIT_USER_CAPTION_PASSWORD", $lang['edit_user_caption_password'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_NEW_PASSWORD_1", $lang['new_password_1'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_NEW_PASSWORD_2", $lang['new_password_2'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_EDIT_USER_CAPTION_DELETE_USER", $lang['edit_user_caption_delete_user'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_DELETE_USER", $lang['delete_user'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_EDIT_USER_CAPTION_OLD_PASSWORD", $lang['edit_user_caption_old_password'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_OLD_PASSWORD", $lang['old_password'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_SAVE", $lang['save'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_NO", $lang['no'], $page_edit_user_single);
						$page_edit_user_single = template("LANG_YES", $lang['yes'], $page_edit_user_single);

						// stored values
						// NOTE(review): user_name and user_email are inserted into the page as read
						// from the database; confirm they are HTML-encoded when stored (cleanstr)
						// or when rendered (template), otherwise this is a stored-XSS sink.
						$page_edit_user_single = template("EDIT_USER_ID", $userID, $page_edit_user_single);
						$page_edit_user_single = template("EDIT_USER_NAME", $user_name, $page_edit_user_single);
						$page_edit_user_single = template("EDIT_USER_EMAIL", $user_email, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_USER_IS_ACTIVE_0", $selected_user_is_active_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_USER_IS_ACTIVE_1", $selected_user_is_active_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_ADMIN", $selected_r_admin, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_MODERATOR", $selected_r_moderator, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_SETTINGS_0", $selected_r_settings_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_SETTINGS_1", $selected_r_settings_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_ACTIVATE_0", $selected_r_activate_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_ACTIVATE_1", $selected_r_activate_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_DEACTIVATE_0", $selected_r_deactivate_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_DEACTIVATE_1", $selected_r_deactivate_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_DELETE_0", $selected_r_delete_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_DELETE_1", $selected_r_delete_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_EDIT_0", $selected_r_edit_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_EDIT_1", $selected_r_edit_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_SPAM_0", $selected_r_spam_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_SPAM_1", $selected_r_spam_1, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_EDIT_SMILIES_0", $selected_r_edit_smilies_0, $page_edit_user_single);
						$page_edit_user_single = template("SELECTED_R_EDIT_SMILIES_1", $selected_r_edit_smilies_1, $page_edit_user_single);

						// $sid is set outside this file.
						// NOTE(review): if it carries the session ID as a URL parameter, that ID
						// ends up in logs and Referer headers - confirm.
						$page_edit_user_single = template("FORM_ACTION", "admin.php?action=editusers&amp;mode=edit&amp;id=".$userID.$sid, $page_edit_user_single);

						$content_scrolling_function = NULL;

						$page_include = $page_edit_user_single;

						// the form replaces the user list
						$ok = 0;
						}
					}
				}

			// ---------- mode=adduser: create a new user ----------
			if(isset($_GET['mode']) AND $_GET['mode'] == "adduser")
				{
				if(isset($_POST['sent_edit_user_adduser']) AND $_POST['sent_edit_user_adduser'] == 1)
					{
					// same clean-up as in the edit branch (cleanstr() is defined elsewhere)
					$_POST['name'] = cleanstr($_POST['name']);
					$_POST['email'] = cleanstr($_POST['email']);
					$_POST['user_is_active'] = cleanstr($_POST['user_is_active']);
					$_POST['user_level'] = cleanstr($_POST['user_level']);
					$_POST['r_settings'] = cleanstr($_POST['r_settings']);
					$_POST['r_activate'] = cleanstr($_POST['r_activate']);
					$_POST['r_deactivate'] = cleanstr($_POST['r_deactivate']);
					$_POST['r_delete'] = cleanstr($_POST['r_delete']);
					$_POST['r_edit'] = cleanstr($_POST['r_edit']);
					$_POST['r_spam'] = cleanstr($_POST['r_spam']);
					$_POST['r_edit_smilies'] = cleanstr($_POST['r_edit_smilies']);
					$_POST['old_password'] = cleanstr($_POST['old_password']);
					$_POST['new_password_1'] = cleanstr($_POST['new_password_1']);
					$_POST['new_password_2'] = cleanstr($_POST['new_password_2']);

					// re-authenticate the acting user before creating an account
					if(login_ok("", secure_value($_SESSION['ID']), $_POST['old_password']))
						{
						// error 11 is raised when check_if_user_exists() returns a falsy value, so
						// despite its name it apparently returns false when the user already
						// exists - confirm against its definition.
						if(!check_if_user_exists(secure_value($_POST['name']), secure_value($_POST['email'])))
							{
							$errorcode = 11; // user already exists
							}
						}
					else
						{
						$errorcode = 5; // wrong password
						}
						
					// NOTE(review): unlike the edit branch, the new password is not checked
					// against $settings['password_min_length'] and may even be empty; two empty
					// fields pass this comparison and md5('') would be stored.
					if($_POST['new_password_1'] != $_POST['new_password_2'])
						{
						$errorcode = 6; // passwords are not identical
						}

					// check if email is valid
					if(!check_mail($_POST['email']))
						{
						$errorcode = 7; // no or no valid email
						}

					// name and email can't be empty
					if($_POST['name'] == "" OR $_POST['email'] == "")
						{
						$errorcode = 1; // necessary fields are empty
						}

					if(!isset($errorcode) OR $errorcode == 0)
						{
						// NOTE(review): logged_out is taken from the request when present and is
						// inserted below without passing through cleanstr().
						if(!isset($_POST['logged_out'])) { $_POST['logged_out'] = 1; }
						
						// Same string-built SQL as the UPDATE above: safe only if cleanstr()
						// escapes for MySQL (not visible here). The password is stored as an
						// unsalted md5() digest; see the note in the edit branch.
						$sql = "INSERT INTO ".$db['prefix']."user (
										`user_name`,
										`user_password`,
										`user_email`,
										`user_is_active`,
										`user_level`,
										`r_settings`,
										`r_activate`,
										`r_deactivate`,
										`r_delete`,
										`r_edit`,
										`r_spam`,
										`r_edit_smilies`,
										`logged_out`
									) VALUES (
										'".$_POST['name']."',
										'".md5($_POST['new_password_1'])."',
										'".$_POST['email']."',
										'".$_POST['user_is_active']."',
										'".$_POST['user_level']."',
										'".$_POST['r_settings']."',
										'".$_POST['r_activate']."',
										'".$_POST['r_deactivate']."',
										'".$_POST['r_delete']."',
										'".$_POST['r_edit']."',
										'".$_POST['r_spam']."',
										'".$_POST['r_edit_smilies']."',
										'".$_POST['logged_out']."'
									);";

						@mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 394: ".mysql_error());
						
						if(!isset($_POST['send_account_data'])) { $_POST['send_account_data'] = 0; }

						// Optionally mail the account data to the new user.
						// Security caveat: the initial password is sent in clear text, and the
						// admin link is built with http://. A one-time set-password link would
						// avoid putting the credential into the mailbox.
						if($_POST['send_account_data'] == 1)
							{
							$url = "http://".$settings['h_domain'].$settings['gb_path']."admin/admin.php";

							// format_mail(), repl_uml() and xhtmlbr2nl() are defined elsewhere;
							// $charset is set outside this file
							$lang['sendmail_adduser_title'] = format_mail(repl_uml($lang['sendmail_adduser_title'], $charset), "", "", "", "", $settings['h_domain'], "", $_POST['name'], $_POST['new_password_1'], $url, "", "", "");
							$lang['sendmail_adduser_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_adduser_text']), $charset), "", "", "", "", $settings['h_domain'], "", $_POST['name'], $_POST['new_password_1'], $url, "", "", "");

							// headers are built from configuration values only, not from request data
							$mail_header = "content-type: text/plain; charset=".$charset."\n";
							$mail_header .= "from: ".$settings['admin_gbemail'];

							// a failed send is silent: @ hides the warning and only the success flag is set
							$mail_send = @mail($_POST['email'], $lang['sendmail_adduser_title'], $lang['sendmail_adduser_text'], $mail_header);
							if ($mail_send)
								{
								$sendemail_successfull = 1;
								}
							}
						}
					}

				// Render the add-user form: on first display, or again after a failed submission
				if(!isset($_POST['sent_edit_user_adduser']) OR isset($errorcode))
					{
					if (isset($errorcode) AND $errorcode == 1) { $errormessage = $lang['errormessage1']; }
					if (isset($errorcode) AND $errorcode == 5) { $errormessage = $lang['errormessage5']; }
					if (isset($errorcode) AND $errorcode == 6) { $errormessage = $lang['errormessage6']; }
					if (isset($errorcode) AND $errorcode == 7) { $errormessage = $lang['errormessage7']; }
					if (isset($errorcode) AND $errorcode == 8) { $errormessage = $lang['errormessage8']; }
					if (isset($errorcode) AND $errorcode == 11) { $errormessage = $lang['errormessage11']; }
					if (isset($errorcode) AND $errorcode == 14) { $errormessage = $lang['errormessage14']; }
					if (isset($errorcode) AND $errorcode == 16) { $errormessage = $lang['errormessage16']; }
					if (!isset($errorcode)) { $content_errormessage = NULL; $errormessage = NULL; }

					// suggested password, pre-filled into both password fields further down;
					// generate_key_and_pw() is defined elsewhere.
					// NOTE(review): confirm it draws from a cryptographically secure source.
					$save_pw = generate_key_and_pw("", $settings['password_min_length']);

					$page_edit_user_adduser = $content_edit_user_adduser;

					$page_edit_user_adduser = template("TEMPLATE_ERRORMESSAGE", $content_errormessage, $page_edit_user_adduser);
					$page_edit_user_adduser = template("ERRORMESSAGE", $errormessage, $page_edit_user_adduser);

					// translated labels
					$page_edit_user_adduser = template("LANG_NAME", $lang['name'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EMAIL", $lang['email'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_ADMINISTRATOR", $lang['administrator'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_MODERATOR", $lang['moderator'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_USER_IS_ACTIVE", $lang['user_is_active'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_USER_TYPE", $lang['r_user_type'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EDIT_USER_CAPTION_RIGHTS", $lang['edit_user_caption_rights'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_SETTINGS", $lang['r_settings'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_ACTIVATE", $lang['r_activate'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_DEACTIVATE", $lang['r_deactivate'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_DELETE", $lang['r_delete'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_EDIT", $lang['r_edit'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_SPAM", $lang['r_spam'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_R_EDIT_SMILIES", $lang['r_edit_smilies'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EDIT_USER_CAPTION_PASSWORD", $lang['edit_user_caption_password'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_NEW_PASSWORD_1", $lang['new_password_1'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_NEW_PASSWORD_2", $lang['new_password_2'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EDIT_USER_CAPTION_DELETE_USER", $lang['edit_user_caption_delete_user'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_DELETE_USER", $lang['delete_user'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EDIT_USER_CAPTION_SEND_ACCOUNT_DATA", $lang['edit_user_caption_send_account_data'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_SEND_ACCOUNT_DATA", $lang['send_account_data'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_EDIT_USER_CAPTION_OLD_PASSWORD", $lang['edit_user_caption_old_password'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_OLD_PASSWORD", $lang['old_password'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_SAVE", $lang['save'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_NO", $lang['no'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("LANG_YES", $lang['yes'], $page_edit_user_adduser);

					// On first display $_POST holds none of these keys (undefined-index
					// notices); the missing value compares loosely equal to 0, so every "0"
					// option is pre-selected. For user_level that is the administrator option,
					// so the form defaults to the most privileged level.
					if ($_POST['user_level'] == 0) { $selected_r_admin = " selected"; $selected_r_moderator = NULL; } else { $selected_r_admin = NULL; $selected_r_moderator = " selected"; }
					if ($_POST['user_is_active'] == 0) { $selected_user_is_active_0 = " selected"; $selected_user_is_active_1 = NULL; } else { $selected_user_is_active_0 = NULL; $selected_user_is_active_1 = " selected"; }
					if ($_POST['r_settings'] == 0) { $selected_r_settings_0 = " selected"; $selected_r_settings_1 = NULL; } else { $selected_r_settings_0 = NULL; $selected_r_settings_1 = " selected"; }
					if ($_POST['r_activate'] == 0) { $selected_r_activate_0 = " selected"; $selected_r_activate_1 = NULL; } else { $selected_r_activate_0 = NULL; $selected_r_activate_1 = " selected"; }
					if ($_POST['r_deactivate'] == 0) { $selected_r_deactivate_0 = " selected"; $selected_r_deactivate_1 = NULL; } else { $selected_r_deactivate_0 = NULL; $selected_r_deactivate_1 = " selected"; }
					if ($_POST['r_delete'] == 0) { $selected_r_delete_0 = " selected"; $selected_r_delete_1 = NULL; } else { $selected_r_delete_0 = NULL; $selected_r_delete_1 = " selected"; }
					if ($_POST['r_edit'] == 0) { $selected_r_edit_0 = " selected"; $selected_r_edit_1 = NULL; } else { $selected_r_edit_0 = NULL; $selected_r_edit_1 = " selected"; }
					if ($_POST['r_spam'] == 0) { $selected_r_spam_0 = " selected"; $selected_r_spam_1 = NULL; } else { $selected_r_spam_0 = NULL; $selected_r_spam_1 = " selected"; }
					if ($_POST['r_edit_smilies'] == 0) { $selected_r_edit_smilies_0 = " selected"; $selected_r_edit_smilies_1 = NULL; } else { $selected_r_edit_smilies_0 = NULL; $selected_r_edit_smilies_1 = " selected"; }

					// Submitted name and e-mail are echoed back into the form. After a failed
					// submission they have been through cleanstr().
					// NOTE(review): confirm cleanstr() or template() HTML-encodes them.
					$page_edit_user_adduser = template("EDIT_USER_NAME", $_POST['name'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("EDIT_USER_EMAIL", $_POST['email'], $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_USER_IS_ACTIVE_0", $selected_user_is_active_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_USER_IS_ACTIVE_1", $selected_user_is_active_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_ADMIN", $selected_r_admin, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_MODERATOR", $selected_r_moderator, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_SETTINGS_0", $selected_r_settings_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_SETTINGS_1", $selected_r_settings_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_ACTIVATE_0", $selected_r_activate_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_ACTIVATE_1", $selected_r_activate_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_DEACTIVATE_0", $selected_r_deactivate_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_DEACTIVATE_1", $selected_r_deactivate_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_DELETE_0", $selected_r_delete_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_DELETE_1", $selected_r_delete_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_EDIT_0", $selected_r_edit_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_EDIT_1", $selected_r_edit_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_SPAM_0", $selected_r_spam_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_SPAM_1", $selected_r_spam_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_EDIT_SMILIES_0", $selected_r_edit_smilies_0, $page_edit_user_adduser);
					$page_edit_user_adduser = template("SELECTED_R_EDIT_SMILIES_1", $selected_r_edit_smilies_1, $page_edit_user_adduser);
					$page_edit_user_adduser = template("EDIT_USER_NEW_PASSWORD_1", $save_pw, $page_edit_user_adduser);
					$page_edit_user_adduser = template("EDIT_USER_NEW_PASSWORD_2", $save_pw, $page_edit_user_adduser);

					$page_edit_user_adduser = template("FORM_ACTION", "admin.php?action=editusers&amp;mode=adduser".$sid, $page_edit_user_adduser);

					$content_scrolling_function = NULL;

					$page_include = $page_edit_user_adduser;

					// the form replaces the user list
					$ok = 0;
					}
				}


			// ---------- default view: list all users ----------
			if ($ok == 1)
				{
				$sql="SELECT * FROM ".$db['prefix']."user ORDER BY ID ASC";
				$result = @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 510: ".mysql_error());

				// $counter is incremented here but not read again in this script
				$counter = 0;

				for($i = 0; $i < mysql_num_rows($result); $i++)
					{
					$users[$i] = mysql_fetch_array($result);
					$counter++;
					}

				// $users is only assigned inside the loop above, so it is undefined here when
				// the user table is empty
				for($i = 0; $i < count($users); $i++)
					{
					$page_edit_user[$i] = $content_edit_user;

					// the "add user" icon is shown on the first row only
					if($i == 0)
						{
						$edit_user_icon_adduser = "<a href=\"admin.php?action=editusers&amp;mode=adduser".$sid."\"><img class=\"icon\" src=\"templates/default/images/user_adduser.png\" title=\"".$lang['user_add']."\" alt=\"".$lang['user_add']."\"></a>";
						}
					else
						{
						$edit_user_icon_adduser = NULL;
						}

					// fill template with entry (strings)
					// NOTE(review): user_name is inserted as stored; confirm it is HTML-encoded
					// on input or inside template().
					$page_edit_user[$i] = template("EDIT_USER_ID", $users[$i]['ID'], $page_edit_user[$i]);
					$page_edit_user[$i] = template("EDIT_USER_NAME", $users[$i]['user_name'], $page_edit_user[$i]);
					if($users[$i]['user_level'] == 0) { $user_level = $lang['administrator']; } else { $user_level = $lang['moderator']; }
					$page_edit_user[$i] = template("EDIT_USER_LEVEL", $user_level, $page_edit_user[$i]);
					$page_edit_user[$i] = template("EDIT_USER_ICON_EDIT", "<a href=\"admin.php?action=editusers&amp;mode=edit&amp;id=".$users[$i]['ID'].$sid."\"><img class=\"icon\" src=\"templates/default/images/user_edit.png\" title=\"".$lang['user_edit']."\" alt=\"".$lang['user_edit']."\"></a>", $page_edit_user[$i]);
					$page_edit_user[$i] = template("EDIT_USER_ICON_ADDUSER", $edit_user_icon_adduser, $page_edit_user[$i]);

					// append this row to the page output
					if(!isset($page_include)) { $page_include = NULL; }
					$page_include .= $page_edit_user[$i];

					$content_scrolling_function = NULL;
					}
				}
			}
		else
			{
			// NOTE(review): $lang is loaded by the require in the branch above, so this
			// message relies on $lang having been populated before this file was included.
			$page_include = "<span class=\"admin\">".$lang['errormessage4']."</span>"; // user has no access to this script
			$content_scrolling_function = "<br>";
			}
		}

		// close sql connection
		// ($link is only assigned when the rights check passed; on the no-access path
		// it is undefined and the @ hides the resulting error)
		@mysql_close($link);
?>