<?php
/*
MGB 0.6.x - OpenSource PHP and MySql Guestbook
Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
// ================== //
// edit_users.inc.php //
// ================== //
//
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //
// make sure nobody has direct access to this script
if (!defined('ADMINISTRATION'))
{
include ("error.html");
die();
}
else
{
if(check_rights($_GET['action'], $_SESSION['ID']))
{
// load config, settings, template and language files
// Bootstrap for the user administration page: configuration, stored settings,
// admin language strings, admin templates and the shared helper functions.
// The include order is kept because the language path below reads $settings.
require ("../includes/config.inc.php");
require ("../includes/load_settings.inc.php");
// NOTE(review): $settings['language_path'] is concatenated into the include path
// as-is. Where that setting is written is not visible in this file -- confirm it
// can only hold the name of a shipped language directory.
require("../language/".$settings['language_path']."/lang_admin.php");
require ("load_template_admin.inc.php");
require ("../includes/functions.inc.php");

// Open the database connection used by every query in this script.
// NOTE(review): both failure paths print the raw mysql_error() text to the
// response via die(); consider logging it server-side instead.
$link = @mysql_connect($db['hostname'], $db['username'], $db['password']);
if (!$link)
{
    die ("(edit_user.inc.php) Error, line 45: ".mysql_error());
}
if (!@mysql_select_db($db['dbname'], $link))
{
    die ("(edit_user.inc.php) Error, line 46: ".mysql_error());
}

// $ok == 1 means "show the user list at the end"; the edit and add-user forms
// set it back to 0 when they render themselves.
$ok = 1;
if (isset($_GET['mode']) AND $_GET['mode'] == "edit")
{
if(isset($_GET['id']))
{
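// Processes a submitted edit form for the account addressed by $_GET['id']: either
// deletes that account or updates its profile, rights and (optionally) its password.
// Each path asks login_ok() to confirm the acting user's current password first.
// NOTE(review): no anti-CSRF token is checked in this block; the old-password
// requirement is the only per-request confirmation visible here.
if(isset($_POST['sent_edit_user']) AND $_POST['sent_edit_user'] == 1)
{
    // The ID is concatenated unquoted into the DELETE/UPDATE below, so it is forced
    // to an integer. What secure_value() filters is not visible in this file.
    $edit_target_id = (int) secure_value($_GET['id']);

    // $_SESSION['lock'] is written when an edit form is rendered, so it describes the
    // form that was displayed last rather than the account this request addresses.
    // The self-protection therefore also compares the target ID with the session ID;
    // the session flag is kept so nothing that was refused before is allowed now.
    $edits_own_account = ((string) $edit_target_id === (string) $_SESSION['ID'])
        || (isset($_SESSION['lock']) && $_SESSION['lock'] == 1
            && $_SESSION['edit_username'] == $_SESSION['username']);

    if(!isset($_POST['delete_user'])) { $_POST['delete_user'] = 0; }
    $_POST['delete_user'] = htmlspecialchars(stripslashes(strip_tags(trim($_POST['delete_user']))), ENT_QUOTES);

    if($_POST['delete_user'] == 1)
    {
        // ---- delete the account ----
        if(!login_ok(secure_value($_SESSION['username']), "", $_POST['old_password']))
        {
            $errorcode = 5; // wrong password
        }
        elseif($edits_own_account)
        {
            // an admin can't delete himself
            $errorcode = 8; // user tried to lock or delete his own account
            $ok = 0;
        }
        if(!isset($errorcode))
        {
            $sql = "DELETE FROM ".$db['prefix']."user WHERE ID=".$edit_target_id." LIMIT 1";
            @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 78: ".mysql_error());
        }
    }
    else
    {
        // ---- update the account ----
        // delete html code, php code and white spaces
        // NOTE(review): cleanstr() is defined elsewhere. It is also applied to the
        // password fields, so whatever it strips is removed before hashing.
        foreach (array('name', 'email', 'old_password', 'new_password_1', 'new_password_2') as $post_field)
        {
            $_POST[$post_field] = cleanstr($_POST[$post_field]);
        }
        // The status and rights columns are compared against 0/1 everywhere in this
        // file, so they are reduced to integers before they reach the UPDATE.
        foreach (array('user_is_active', 'user_level', 'r_settings', 'r_activate', 'r_deactivate',
                       'r_delete', 'r_edit', 'r_spam', 'r_edit_smilies') as $post_field)
        {
            $_POST[$post_field] = (int) cleanstr($_POST[$post_field]);
        }

        // check if a new password is set (both fields must be filled in)
        $pass = NULL;
        if(!empty($_POST['new_password_1']) AND !empty($_POST['new_password_2']))
        {
            if(empty($_POST['old_password'])
                OR !login_ok(secure_value($_SESSION['username']), $_SESSION['ID'], $_POST['old_password']))
            {
                $errorcode = 5; // wrong or no old password
            }
            elseif($_POST['new_password_1'] != $_POST['new_password_2'])
            {
                $errorcode = 6; // new passwords are not identical
            }
            elseif(strlen($_POST['new_password_1']) < $settings['password_min_length'])
            {
                $errorcode = 16; // new password is too short
            }
            else
            {
                // NOTE(review): unsalted MD5 is kept because login_ok() is defined
                // elsewhere and presumably compares against this format. Moving to
                // password_hash()/password_verify() has to change both sides together.
                $pass = "`user_password` = '".md5($_POST['new_password_1'])."',";
            }
        }

        // check if email is valid
        if(!check_mail($_POST['email']))
        {
            $errorcode = 7; // no or no valid email
        }
        // name and email can't be empty
        if($_POST['name'] == "" OR $_POST['email'] == "")
        {
            $errorcode = 1; // necessary fields are empty
        }
        // an admin can't revoke his own rights or deactivate himself
        if(($_POST['user_level'] == 1 OR $_POST['user_is_active'] == 0) AND $edits_own_account)
        {
            $errorcode = 8; // user tried to lock or delete his own account
        }

        // check password
        if(login_ok("", secure_value($_SESSION['ID']), $_POST['old_password']))
        {
            if(!isset($errorcode) OR $errorcode == 0)
            {
                // save data to database
                // NOTE(review): name and email are interpolated after cleanstr() only.
                // If cleanstr() does not escape for SQL, they need
                // mysql_real_escape_string() here -- confirm against its definition.
                $sql = "UPDATE ".$db['prefix']."user SET
                `user_name` = '".$_POST['name']."',
                ".$pass."
                `user_email` = '".$_POST['email']."',
                `user_is_active` = '".$_POST['user_is_active']."',
                `user_level` = '".$_POST['user_level']."',
                `r_settings` = '".$_POST['r_settings']."',
                `r_activate` = '".$_POST['r_activate']."',
                `r_deactivate` = '".$_POST['r_deactivate']."',
                `r_delete` = '".$_POST['r_delete']."',
                `r_edit` = '".$_POST['r_edit']."',
                `r_edit_smilies` = '".$_POST['r_edit_smilies']."',
                `r_spam` = '".$_POST['r_spam']."'
                WHERE ID=".$edit_target_id." LIMIT 1";
                if ( @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, Line 180: ".mysql_error()) )
                {
                    $saved_settings_successfull = 1;
                }
                $ok = 1;
            }
            else
            {
                $ok = 0;
            }
        }
        else
        {
            $errorcode = 5; // wrong password
        }
    }
}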
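// Renders the edit form for the account addressed by $_GET['id']. It runs when the
// form has not been submitted yet or when the submission above ended with an error.
if(!isset($_POST['sent_edit_user']) OR isset($errorcode))
{
    // Map the numeric error code to its translated message.
    if (!isset($errorcode))
    {
        $errormessage = NULL;
        $content_errormessage = NULL;
    }
    else
    {
        foreach (array(1, 5, 6, 7, 8, 11, 16) as $known_errorcode)
        {
            if ($errorcode == $known_errorcode) { $errormessage = $lang['errormessage'.$known_errorcode]; }
        }
    }

    // The ID is concatenated unquoted into the query, so it is forced to an integer.
    // What secure_value() filters is not visible in this file.
    $sql = "SELECT * FROM ".$db['prefix']."user WHERE ID=".((int) secure_value($_GET['id']))." LIMIT 1";
    $result = @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 210: ".mysql_error());
    $user = mysql_fetch_array($result);

    $page_edit_user_single = $content_edit_user_single;
    $userID = $user['ID'];
    $user_name = $user['user_name'];
    $user_email = $user['user_email'];
    $user_level = $user['user_level'];
    $user_is_active = $user['user_is_active'];
    $r_settings = $user['r_settings'];
    $r_activate = $user['r_activate'];
    $r_deactivate = $user['r_deactivate'];
    $r_delete = $user['r_delete'];
    $r_edit = $user['r_edit'];
    $r_spam = $user['r_spam'];
    $r_edit_smilies = $user['r_edit_smilies'];

    // Remember in the session whether the displayed form belongs to the logged-in
    // user; the submit handler reads these two values for its self-protection check.
    $editing_own_account = ($_SESSION['ID'] == $userID);
    $_SESSION['lock'] = $editing_own_account ? 1 : 0;
    $_SESSION['edit_username'] = $editing_own_account ? $user_name : "";

    // Pre-select the stored value in every two-option drop-down.
    $selected_r_admin = ($user_level == 0) ? " selected" : NULL;
    $selected_r_moderator = ($user_level == 0) ? NULL : " selected";
    $selected_user_is_active_0 = ($user_is_active == 0) ? " selected" : NULL;
    $selected_user_is_active_1 = ($user_is_active == 0) ? NULL : " selected";
    $selected_r_settings_0 = ($r_settings == 0) ? " selected" : NULL;
    $selected_r_settings_1 = ($r_settings == 0) ? NULL : " selected";
    $selected_r_activate_0 = ($r_activate == 0) ? " selected" : NULL;
    $selected_r_activate_1 = ($r_activate == 0) ? NULL : " selected";
    $selected_r_deactivate_0 = ($r_deactivate == 0) ? " selected" : NULL;
    $selected_r_deactivate_1 = ($r_deactivate == 0) ? NULL : " selected";
    $selected_r_delete_0 = ($r_delete == 0) ? " selected" : NULL;
    $selected_r_delete_1 = ($r_delete == 0) ? NULL : " selected";
    $selected_r_edit_0 = ($r_edit == 0) ? " selected" : NULL;
    $selected_r_edit_1 = ($r_edit == 0) ? NULL : " selected";
    $selected_r_spam_0 = ($r_spam == 0) ? " selected" : NULL;
    $selected_r_spam_1 = ($r_spam == 0) ? NULL : " selected";
    $selected_r_edit_smilies_0 = ($r_edit_smilies == 0) ? " selected" : NULL;
    $selected_r_edit_smilies_1 = ($r_edit_smilies == 0) ? NULL : " selected";

    // Placeholder => value, applied in exactly this order.
    // NOTE(review): EDIT_USER_NAME and EDIT_USER_EMAIL carry the stored column values.
    // Whether template() or the stored data is HTML-escaped is not visible here -- confirm.
    $edit_form_values = array(
        "TEMPLATE_ERRORMESSAGE" => $content_errormessage,
        "ERRORMESSAGE" => $errormessage,
        "LANG_ID" => $lang['ID'],
        "LANG_NAME" => $lang['name'],
        "LANG_EMAIL" => $lang['email'],
        "LANG_ADMINISTRATOR" => $lang['administrator'],
        "LANG_MODERATOR" => $lang['moderator'],
        "LANG_USER_IS_ACTIVE" => $lang['user_is_active'],
        "LANG_R_USER_TYPE" => $lang['r_user_type'],
        "LANG_EDIT_USER_CAPTION_RIGHTS" => $lang['edit_user_caption_rights'],
        "LANG_R_SETTINGS" => $lang['r_settings'],
        "LANG_R_ACTIVATE" => $lang['r_activate'],
        "LANG_R_DEACTIVATE" => $lang['r_deactivate'],
        "LANG_R_DELETE" => $lang['r_delete'],
        "LANG_R_EDIT" => $lang['r_edit'],
        "LANG_R_SPAM" => $lang['r_spam'],
        "LANG_R_EDIT_SMILIES" => $lang['r_edit_smilies'],
        "LANG_EDIT_USER_CAPTION_PASSWORD" => $lang['edit_user_caption_password'],
        "LANG_NEW_PASSWORD_1" => $lang['new_password_1'],
        "LANG_NEW_PASSWORD_2" => $lang['new_password_2'],
        "LANG_EDIT_USER_CAPTION_DELETE_USER" => $lang['edit_user_caption_delete_user'],
        "LANG_DELETE_USER" => $lang['delete_user'],
        "LANG_EDIT_USER_CAPTION_OLD_PASSWORD" => $lang['edit_user_caption_old_password'],
        "LANG_OLD_PASSWORD" => $lang['old_password'],
        "LANG_SAVE" => $lang['save'],
        "LANG_NO" => $lang['no'],
        "LANG_YES" => $lang['yes'],
        "EDIT_USER_ID" => $userID,
        "EDIT_USER_NAME" => $user_name,
        "EDIT_USER_EMAIL" => $user_email,
        "SELECTED_USER_IS_ACTIVE_0" => $selected_user_is_active_0,
        "SELECTED_USER_IS_ACTIVE_1" => $selected_user_is_active_1,
        "SELECTED_R_ADMIN" => $selected_r_admin,
        "SELECTED_R_MODERATOR" => $selected_r_moderator,
        "SELECTED_R_SETTINGS_0" => $selected_r_settings_0,
        "SELECTED_R_SETTINGS_1" => $selected_r_settings_1,
        "SELECTED_R_ACTIVATE_0" => $selected_r_activate_0,
        "SELECTED_R_ACTIVATE_1" => $selected_r_activate_1,
        "SELECTED_R_DEACTIVATE_0" => $selected_r_deactivate_0,
        "SELECTED_R_DEACTIVATE_1" => $selected_r_deactivate_1,
        "SELECTED_R_DELETE_0" => $selected_r_delete_0,
        "SELECTED_R_DELETE_1" => $selected_r_delete_1,
        "SELECTED_R_EDIT_0" => $selected_r_edit_0,
        "SELECTED_R_EDIT_1" => $selected_r_edit_1,
        "SELECTED_R_SPAM_0" => $selected_r_spam_0,
        "SELECTED_R_SPAM_1" => $selected_r_spam_1,
        "SELECTED_R_EDIT_SMILIES_0" => $selected_r_edit_smilies_0,
        "SELECTED_R_EDIT_SMILIES_1" => $selected_r_edit_smilies_1,
        "FORM_ACTION" => "admin.php?action=editusers&mode=edit&id=".$userID.$sid,
    );
    foreach ($edit_form_values as $edit_form_placeholder => $edit_form_value)
    {
        $page_edit_user_single = template($edit_form_placeholder, $edit_form_value, $page_edit_user_single);
    }

    $content_scrolling_function = NULL;
    $page_include = $page_edit_user_single;
    // the form replaces the user list for this request
    $ok = 0;
}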
}
}
if(isset($_GET['mode']) AND $_GET['mode'] == "adduser")
{
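// Processes a submitted "add user" form: validates the input, inserts the account
// and optionally mails the account data to the new user.
// NOTE(review): no anti-CSRF token is checked in this block; the old-password
// requirement is the only per-request confirmation visible here.
if(isset($_POST['sent_edit_user_adduser']) AND $_POST['sent_edit_user_adduser'] == 1)
{
    // NOTE(review): cleanstr() is defined elsewhere. It is also applied to the
    // password fields, so whatever it strips is removed before hashing.
    foreach (array('name', 'email', 'old_password', 'new_password_1', 'new_password_2') as $post_field)
    {
        $_POST[$post_field] = cleanstr($_POST[$post_field]);
    }
    // The status and rights columns are compared against 0/1 everywhere in this
    // file, so they are reduced to integers before they reach the INSERT.
    foreach (array('user_is_active', 'user_level', 'r_settings', 'r_activate', 'r_deactivate',
                   'r_delete', 'r_edit', 'r_spam', 'r_edit_smilies') as $post_field)
    {
        $_POST[$post_field] = (int) cleanstr($_POST[$post_field]);
    }

    // The acting user has to confirm with his own current password.
    if(login_ok("", secure_value($_SESSION['ID']), $_POST['old_password']))
    {
        // check_if_user_exists() is defined elsewhere; as used here, a falsy
        // return is treated as "name or email already taken".
        if(!check_if_user_exists(secure_value($_POST['name']), secure_value($_POST['email'])))
        {
            $errorcode = 11; // user already exists
        }
    }
    else
    {
        $errorcode = 5; // wrong password
    }

    if($_POST['new_password_1'] != $_POST['new_password_2'])
    {
        $errorcode = 6; // passwords are not identical
    }
    elseif($_POST['new_password_1'] == "" OR strlen($_POST['new_password_1']) < $settings['password_min_length'])
    {
        // The edit form enforces the minimum length; this path accepted any
        // password, including an empty one, so the same rule is applied here.
        $errorcode = 16; // new password is too short
    }
    // check if email is valid
    if(!check_mail($_POST['email']))
    {
        $errorcode = 7; // no or no valid email
    }
    // name and email can't be empty
    if($_POST['name'] == "" OR $_POST['email'] == "")
    {
        $errorcode = 1; // necessary fields are empty
    }

    if(!isset($errorcode) OR $errorcode == 0)
    {
        if(!isset($_POST['logged_out'])) { $_POST['logged_out'] = 1; }
        $_POST['logged_out'] = (int) $_POST['logged_out'];

        // NOTE(review): name and email are interpolated after cleanstr() only. If
        // cleanstr() does not escape for SQL, they need mysql_real_escape_string()
        // here -- confirm against its definition.
        // NOTE(review): unsalted MD5 is kept because login_ok() is defined elsewhere
        // and presumably compares against this format. Moving to
        // password_hash()/password_verify() has to change both sides together.
        $sql = "INSERT INTO ".$db['prefix']."user (
        `user_name`,
        `user_password`,
        `user_email`,
        `user_is_active`,
        `user_level`,
        `r_settings`,
        `r_activate`,
        `r_deactivate`,
        `r_delete`,
        `r_edit`,
        `r_spam`,
        `r_edit_smilies`,
        `logged_out`
        ) VALUES (
        '".$_POST['name']."',
        '".md5($_POST['new_password_1'])."',
        '".$_POST['email']."',
        '".$_POST['user_is_active']."',
        '".$_POST['user_level']."',
        '".$_POST['r_settings']."',
        '".$_POST['r_activate']."',
        '".$_POST['r_deactivate']."',
        '".$_POST['r_delete']."',
        '".$_POST['r_edit']."',
        '".$_POST['r_spam']."',
        '".$_POST['r_edit_smilies']."',
        '".$_POST['logged_out']."'
        );";
        @mysql_query($sql, $link) or die ("(edit_user.inc.php) Error, line 394: ".mysql_error());

        if(!isset($_POST['send_account_data'])) { $_POST['send_account_data'] = 0; }
        if($_POST['send_account_data'] == 1)
        {
            // NOTE(review): the clear-text password is passed to format_mail() and
            // mailed to the new user, together with a plain-http link to the admin login.
            $url = "http://".$settings['h_domain'].$settings['gb_path']."admin/admin.php";
            $lang['sendmail_adduser_title'] = format_mail(repl_uml($lang['sendmail_adduser_title'], $charset), "", "", "", "", $settings['h_domain'], "", $_POST['name'], $_POST['new_password_1'], $url, "", "", "");
            $lang['sendmail_adduser_text'] = format_mail(repl_uml(xhtmlbr2nl($lang['sendmail_adduser_text']), $charset), "", "", "", "", $settings['h_domain'], "", $_POST['name'], $_POST['new_password_1'], $url, "", "", "");
            $mail_header = "content-type: text/plain; charset=".$charset."\n";
            $mail_header .= "from: ".$settings['admin_gbemail'];
            $mail_send = @mail($_POST['email'], $lang['sendmail_adduser_title'], $lang['sendmail_adduser_text'], $mail_header);
            if ($mail_send)
            {
                $sendemail_successfull = 1;
            }
        }
    }
}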
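// Renders the "add user" form. It runs when the form has not been submitted yet or
// when the submission ended with an error.
if(!isset($_POST['sent_edit_user_adduser']) OR isset($errorcode))
{
    // Map the numeric error code to its translated message.
    if (!isset($errorcode))
    {
        $content_errormessage = NULL;
        $errormessage = NULL;
    }
    else
    {
        foreach (array(1, 5, 6, 7, 8, 11, 14, 16) as $known_errorcode)
        {
            if ($errorcode == $known_errorcode) { $errormessage = $lang['errormessage'.$known_errorcode]; }
        }
    }

    // Request values are echoed back into the form only when they arrived through
    // the submit handler, which runs them through cleanstr(). Without the
    // sent_edit_user_adduser flag the POST data was never cleaned, so the form is
    // rendered with its defaults instead of reflecting it.
    // NOTE(review): template() is defined elsewhere; whether it escapes the values
    // it substitutes is not visible here.
    $form_was_sent = (isset($_POST['sent_edit_user_adduser']) && $_POST['sent_edit_user_adduser'] == 1);
    $form_name = $form_was_sent ? $_POST['name'] : NULL;
    $form_email = $form_was_sent ? $_POST['email'] : NULL;
    $form_flags = array();
    foreach (array('user_level', 'user_is_active', 'r_settings', 'r_activate', 'r_deactivate',
                   'r_delete', 'r_edit', 'r_spam', 'r_edit_smilies') as $form_flag)
    {
        // 0 is what the unset field compared equal to before, so defaults are unchanged
        $form_flags[$form_flag] = $form_was_sent ? $_POST[$form_flag] : 0;
    }

    // Suggested password; it is placed into both password fields of the form.
    $save_pw = generate_key_and_pw("", $settings['password_min_length']);

    // Pre-select the submitted (or default) value in every two-option drop-down.
    $selected_r_admin = ($form_flags['user_level'] == 0) ? " selected" : NULL;
    $selected_r_moderator = ($form_flags['user_level'] == 0) ? NULL : " selected";
    $selected_user_is_active_0 = ($form_flags['user_is_active'] == 0) ? " selected" : NULL;
    $selected_user_is_active_1 = ($form_flags['user_is_active'] == 0) ? NULL : " selected";
    $selected_r_settings_0 = ($form_flags['r_settings'] == 0) ? " selected" : NULL;
    $selected_r_settings_1 = ($form_flags['r_settings'] == 0) ? NULL : " selected";
    $selected_r_activate_0 = ($form_flags['r_activate'] == 0) ? " selected" : NULL;
    $selected_r_activate_1 = ($form_flags['r_activate'] == 0) ? NULL : " selected";
    $selected_r_deactivate_0 = ($form_flags['r_deactivate'] == 0) ? " selected" : NULL;
    $selected_r_deactivate_1 = ($form_flags['r_deactivate'] == 0) ? NULL : " selected";
    $selected_r_delete_0 = ($form_flags['r_delete'] == 0) ? " selected" : NULL;
    $selected_r_delete_1 = ($form_flags['r_delete'] == 0) ? NULL : " selected";
    $selected_r_edit_0 = ($form_flags['r_edit'] == 0) ? " selected" : NULL;
    $selected_r_edit_1 = ($form_flags['r_edit'] == 0) ? NULL : " selected";
    $selected_r_spam_0 = ($form_flags['r_spam'] == 0) ? " selected" : NULL;
    $selected_r_spam_1 = ($form_flags['r_spam'] == 0) ? NULL : " selected";
    $selected_r_edit_smilies_0 = ($form_flags['r_edit_smilies'] == 0) ? " selected" : NULL;
    $selected_r_edit_smilies_1 = ($form_flags['r_edit_smilies'] == 0) ? NULL : " selected";

    // Placeholder => value, applied in exactly this order.
    $adduser_form_values = array(
        "TEMPLATE_ERRORMESSAGE" => $content_errormessage,
        "ERRORMESSAGE" => $errormessage,
        "LANG_NAME" => $lang['name'],
        "LANG_EMAIL" => $lang['email'],
        "LANG_ADMINISTRATOR" => $lang['administrator'],
        "LANG_MODERATOR" => $lang['moderator'],
        "LANG_USER_IS_ACTIVE" => $lang['user_is_active'],
        "LANG_R_USER_TYPE" => $lang['r_user_type'],
        "LANG_EDIT_USER_CAPTION_RIGHTS" => $lang['edit_user_caption_rights'],
        "LANG_R_SETTINGS" => $lang['r_settings'],
        "LANG_R_ACTIVATE" => $lang['r_activate'],
        "LANG_R_DEACTIVATE" => $lang['r_deactivate'],
        "LANG_R_DELETE" => $lang['r_delete'],
        "LANG_R_EDIT" => $lang['r_edit'],
        "LANG_R_SPAM" => $lang['r_spam'],
        "LANG_R_EDIT_SMILIES" => $lang['r_edit_smilies'],
        "LANG_EDIT_USER_CAPTION_PASSWORD" => $lang['edit_user_caption_password'],
        "LANG_NEW_PASSWORD_1" => $lang['new_password_1'],
        "LANG_NEW_PASSWORD_2" => $lang['new_password_2'],
        "LANG_EDIT_USER_CAPTION_DELETE_USER" => $lang['edit_user_caption_delete_user'],
        "LANG_DELETE_USER" => $lang['delete_user'],
        "LANG_EDIT_USER_CAPTION_SEND_ACCOUNT_DATA" => $lang['edit_user_caption_send_account_data'],
        "LANG_SEND_ACCOUNT_DATA" => $lang['send_account_data'],
        "LANG_EDIT_USER_CAPTION_OLD_PASSWORD" => $lang['edit_user_caption_old_password'],
        "LANG_OLD_PASSWORD" => $lang['old_password'],
        "LANG_SAVE" => $lang['save'],
        "LANG_NO" => $lang['no'],
        "LANG_YES" => $lang['yes'],
        "EDIT_USER_NAME" => $form_name,
        "EDIT_USER_EMAIL" => $form_email,
        "SELECTED_USER_IS_ACTIVE_0" => $selected_user_is_active_0,
        "SELECTED_USER_IS_ACTIVE_1" => $selected_user_is_active_1,
        "SELECTED_R_ADMIN" => $selected_r_admin,
        "SELECTED_R_MODERATOR" => $selected_r_moderator,
        "SELECTED_R_SETTINGS_0" => $selected_r_settings_0,
        "SELECTED_R_SETTINGS_1" => $selected_r_settings_1,
        "SELECTED_R_ACTIVATE_0" => $selected_r_activate_0,
        "SELECTED_R_ACTIVATE_1" => $selected_r_activate_1,
        "SELECTED_R_DEACTIVATE_0" => $selected_r_deactivate_0,
        "SELECTED_R_DEACTIVATE_1" => $selected_r_deactivate_1,
        "SELECTED_R_DELETE_0" => $selected_r_delete_0,
        "SELECTED_R_DELETE_1" => $selected_r_delete_1,
        "SELECTED_R_EDIT_0" => $selected_r_edit_0,
        "SELECTED_R_EDIT_1" => $selected_r_edit_1,
        "SELECTED_R_SPAM_0" => $selected_r_spam_0,
        "SELECTED_R_SPAM_1" => $selected_r_spam_1,
        "SELECTED_R_EDIT_SMILIES_0" => $selected_r_edit_smilies_0,
        "SELECTED_R_EDIT_SMILIES_1" => $selected_r_edit_smilies_1,
        "EDIT_USER_NEW_PASSWORD_1" => $save_pw,
        "EDIT_USER_NEW_PASSWORD_2" => $save_pw,
        "FORM_ACTION" => "admin.php?action=editusers&mode=adduser".$sid,
    );
    $page_edit_user_adduser = $content_edit_user_adduser;
    foreach ($adduser_form_values as $adduser_form_placeholder => $adduser_form_value)
    {
        $page_edit_user_adduser = template($adduser_form_placeholder, $adduser_form_value, $page_edit_user_adduser);
    }

    $content_scrolling_function = NULL;
    $page_include = $page_edit_user_adduser;
    // the form replaces the user list for this request
    $ok = 0;
}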
}
// Default view: list every account with its level and an edit link. It runs only
// when neither form above took over the page ($ok is still 1).
if ($ok == 1)
{
    $sql = "SELECT * FROM ".$db['prefix']."user ORDER BY ID ASC";
    $result = @mysql_query($sql, $link);
    if (!$result)
    {
        die ("(edit_user.inc.php) Error, line 510: ".mysql_error());
    }

    // Copy the result set into $users, one row per index.
    $counter = 0;
    $i = 0;
    while ($i < mysql_num_rows($result))
    {
        $users[$i] = mysql_fetch_array($result);
        $counter++;
        $i++;
    }

    // Build one template row per account and append it to the page.
    $i = 0;
    while ($i < count($users))
    {
        $page_edit_user[$i] = $content_edit_user;

        // the "add user" icon is shown on the first row only
        $edit_user_icon_adduser = ($i == 0)
            ? "<a href=\"admin.php?action=editusers&mode=adduser".$sid."\"><img class=\"icon\" src=\"templates/default/images/user_adduser.png\" title=\"".$lang['user_add']."\" alt=\"".$lang['user_add']."\"></a>"
            : NULL;

        // fill template with entry (strings)
        // NOTE(review): user_name is inserted as stored. Whether template() or the
        // stored value is HTML-escaped is not visible in this file -- confirm.
        $page_edit_user[$i] = template("EDIT_USER_ID", $users[$i]['ID'], $page_edit_user[$i]);
        $page_edit_user[$i] = template("EDIT_USER_NAME", $users[$i]['user_name'], $page_edit_user[$i]);

        // level 0 is labelled administrator, anything else moderator
        $user_level = ($users[$i]['user_level'] == 0) ? $lang['administrator'] : $lang['moderator'];
        $page_edit_user[$i] = template("EDIT_USER_LEVEL", $user_level, $page_edit_user[$i]);

        $page_edit_user[$i] = template(
            "EDIT_USER_ICON_EDIT",
            "<a href=\"admin.php?action=editusers&mode=edit&id=".$users[$i]['ID'].$sid."\"><img class=\"icon\" src=\"templates/default/images/user_edit.png\" title=\"".$lang['user_edit']."\" alt=\"".$lang['user_edit']."\"></a>",
            $page_edit_user[$i]
        );
        $page_edit_user[$i] = template("EDIT_USER_ICON_ADDUSER", $edit_user_icon_adduser, $page_edit_user[$i]);

        if (!isset($page_include))
        {
            $page_include = NULL;
        }
        $page_include .= $page_edit_user[$i];
        $content_scrolling_function = NULL;

        $i++;
    }
}
}
else
{
$page_include = "<span class=\"admin\">".$lang['errormessage4']."</span>"; // user has no access to this script
$content_scrolling_function = "<br>";
}
}
// close sql connection
// In this file $link is assigned only inside the branch guarded by check_rights().
// When that check fails, this call receives an undefined variable and the @
// operator hides the resulting notice.
@mysql_close($link);
?>