<?php

/* phpemailuser by georgfly */

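// Access gate for the admin page: the session must carry auth === "yes" and an
// admin id (uaid); every other request is redirected to the login form.
session_start();
// Strict comparison without error suppression: with the loose != operator a
// non-string session value (for example integer 0 on PHP < 8) compares equal
// to "yes" and would pass the gate.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] !== "yes" || !isset($_SESSION['uaid']))
{
	header("Location: login_reg.php");
	// Stop here so that none of the admin handlers below run for this request.
	exit();
}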


// Log out: drop the server-side session data and return to the login form.
// NOTE(review): session_destroy() does not clear $_SESSION or expire the
// session cookie; confirm whether that is wanted here.
if (isset($_POST['Button']) && $_POST['Button'] == "Log out")
{
	session_destroy();
	header("Location: login_reg.php");
	exit();
}


include("config.inc.php");

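// login as user
// Impersonation for an already authenticated admin (see the session check at
// the top of the file). The posted field has the form "<uid>$$$$<user_email>"
// and is filled in by procLink() from the user table.
// NOTE(review): this state-changing POST is accepted without an anti-CSRF
// token; adding one needs a matching hidden field in the admin form.
if (!empty($_POST['loginuser']) && is_string($_POST['loginuser']))
{
	$loginuserplode = explode('$$$$',$_POST['loginuser']);
	// Both parts must be present, and the uid must be a positive decimal
	// integer (the rest of this file treats uid as an unquoted number in SQL
	// and as "> 0" when it is selected).
	if (count($loginuserplode) >= 2 && preg_match('/^[1-9][0-9]*\z/', $loginuserplode[0]))
	{
		$_SESSION['auth']="yes";
		$_SESSION['uid']=$loginuserplode[0];
		// NOTE(review): logname comes from the request, not from the database;
		// pages that print it must HTML-escape it. Looking the address up by
		// uid would remove the dependency on client-supplied text.
		$_SESSION['logname'] = $loginuserplode[1];
		header("Location: $startpage");
		// Without this the rest of the admin page kept executing after the
		// redirect header had been queued.
		exit();
	}
}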

?>

<head><title>Admin Page</title>


<script LANGUAGE="JavaScript">
<!--
// Shows a confirmation dialog with the given text and reports the answer as
// a boolean; used as "return confirmSubmit(...)" in an onClick handler so a
// false result cancels the submit.
function confirmSubmit(warningtext)
{
return confirm(warningtext) ? true : false;
}
// Writes sendvalue into the named field of the form with id currentform and
// then submits that form.
function procLink(currentform,hiddenfield,sendvalue)
{
var targetForm = document.getElementById(currentform);
targetForm[hiddenfield].value = sendvalue;
targetForm.submit();
}
// -->
</script>


<style type='text/css'>



label {
font-weight: bold;
float: left;
width: 30%;
margin-right: .5em;
text-align: right;
}

</style>

</head>
<body>

<?php

// Open the database connection with the credentials from config.inc.php and
// abort the page when it cannot be established.
// NOTE(review): no mysqli_set_charset() call is visible in this file; confirm
// that the connection character set matches the tables.
$cxn = mysqli_connect($mysqlhost, $mysqluser, $mysqlpass, $mysqldb);
if (!$cxn) {
	die("Query died: connect");
}


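// check if we have submitted a Button
// change admin user name
// The new name must be 1-50 ASCII letters or digits. It is written with a
// prepared statement so that neither the name nor the admin id is ever
// concatenated into the SQL text.
if (isset($_POST['Button']) && $_POST['Button'] == "Change admin user name"){
	$postedname = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	if (!preg_match("/^[0-9A-Za-z]{1,50}$/",$postedname)) {
		$message1 = 'User name not valid.';
	} else {
		// "$" in the pattern tolerates one trailing newline; trim() removes it.
		$newadname = trim($postedname);
		// uaid is used as a number in the WHERE clause, so bind it as an integer.
		$adminid = (int) $_SESSION['uaid'];
		$stmt = mysqli_prepare($cxn,"UPDATE useradmin SET adname = ? WHERE uaid = ?")
		or die("Query died: username update");
		mysqli_stmt_bind_param($stmt,'si',$newadname,$adminid);
		mysqli_stmt_execute($stmt)
		or die("Query died: username update");
		mysqli_stmt_close($stmt);
		$message1 = "User name changed successfully.";
		$_SESSION['logadminname'] = $newadname;
	}
}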


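// change admin password
// The password is bound as a statement parameter instead of being interpolated
// into the SQL string, so quotes or backslashes in it cannot alter the query.
// NOTE(review): the hash stays MD5 because the login check (not in this file)
// has to agree with it; unsalted MD5 is not suitable for password storage, so
// plan a joint move of both places to password_hash()/password_verify().
// NOTE(review): the current password is not asked for and no anti-CSRF token
// is checked before the change.
if (isset($_POST['Button']) && $_POST['Button'] == "Change password") {
	$newpass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$newpassrep = (isset($_POST['passwordrep']) && is_string($_POST['passwordrep'])) ? $_POST['passwordrep'] : '';
	if (!empty($newpass)){
		// Strict comparison: with != two different numeric-looking strings
		// such as "1e3" and "1000" are treated as equal.
		if ($newpass !== $newpassrep){
				$message1 = "Passwords don't match.";
		} else {
			$password = trim($newpass);
			$adminid = (int) $_SESSION['uaid'];
			$stmt = mysqli_prepare($cxn,"UPDATE useradmin SET password = md5(?) WHERE uaid = ?")
			or die("Query died: password update");
			mysqli_stmt_bind_param($stmt,'si',$password,$adminid);
			mysqli_stmt_execute($stmt)
			or die("Query died: password update");
			mysqli_stmt_close($stmt);
			$message1 = "Password changed successfully.";
		}
	}
}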


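// delete the selected user accounts
// The selection arrives as "user_<n>" fields whose values are uids. The list
// is placed unquoted into IN (...), so only positive decimal integers are
// accepted; any other posted value is ignored.
// NOTE(review): this destructive POST is accepted without an anti-CSRF token.
if (isset($_POST['Button']) && $_POST['Button'] == "Delete accounts"){
	$ids = array();
	foreach ($_POST as $key => $value){
		$keyplode = explode("_",(string) $key);
		if ($keyplode[0] == 'user' && is_string($value) && preg_match('/^[1-9][0-9]*\z/',$value)){
			$ids[] = $value;
		}
	}
	if (!empty($ids)){
		$sql = implode(",",$ids);
		$sql1 = "DELETE FROM user WHERE uid IN (".$sql.")";
		$result = mysqli_query($cxn,$sql1)
		or die("Query died: delete users");
		// The reported count is the number of rows removed from the user table.
		$num = mysqli_affected_rows($cxn);
		$sql2 = "DELETE FROM userdata WHERE uid IN (".$sql.")";
		$result = mysqli_query($cxn,$sql2)
		or die("Query died: delete userdata");
	} else {
		$num = 0;
	}
	$message2 = "$num user accounts have been deleted.";
}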


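// toggle the activation flag of the selected user accounts
// Only positive decimal integers from the "user_<n>" fields reach the
// IN (...) list, because the list is placed unquoted into the statement.
if (isset($_POST['Button']) && $_POST['Button'] == "Change activation status"){
	$ids = array();
	foreach ($_POST as $key => $value){
		$keyplode = explode("_",(string) $key);
		if ($keyplode[0] == 'user' && is_string($value) && preg_match('/^[1-9][0-9]*\z/',$value)){
			$ids[] = $value;
		}
	}
	if (!empty($ids)){
		// abs(activated-1) flips 0 to 1 and 1 to 0.
		$sql = "UPDATE user SET activated = abs(activated-1) WHERE uid IN (".implode(",",$ids).")";
		$result = mysqli_query($cxn,$sql)
		or die("Query died: activation status");
		$num = mysqli_affected_rows($cxn);
	} else {
		$num = 0;
	}
	$message2 = "The activation status of $num user accounts have been changed.<br>Activation links sent to the user may be still active!<br>";
}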


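// toggle the blocked flag of the selected user accounts
// Only positive decimal integers from the "user_<n>" fields reach the
// IN (...) list, because the list is placed unquoted into the statement.
if (isset($_POST['Button']) && $_POST['Button'] == "Change blocked status"){
	$ids = array();
	foreach ($_POST as $key => $value){
		$keyplode = explode("_",(string) $key);
		if ($keyplode[0] == 'user' && is_string($value) && preg_match('/^[1-9][0-9]*\z/',$value)){
			$ids[] = $value;
		}
	}
	if (!empty($ids)){
		// abs(blocked-1) flips 0 to 1 and 1 to 0.
		$sql = "UPDATE user SET blocked = abs(blocked-1) WHERE uid IN (".implode(",",$ids).")";
		$result = mysqli_query($cxn,$sql)
		or die("Query died: blocked status");
		$num = mysqli_affected_rows($cxn);
	} else {
		$num = 0;
	}
	$message2 = "The blocked status of $num user accounts have been changed.<br>";
}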


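// reset the failed-login counter of the selected user accounts
// Only positive decimal integers from the "user_<n>" fields reach the
// IN (...) list, because the list is placed unquoted into the statement.
if (isset($_POST['Button']) && $_POST['Button'] == "Reset attempts to zero"){
	$ids = array();
	foreach ($_POST as $key => $value){
		$keyplode = explode("_",(string) $key);
		if ($keyplode[0] == 'user' && is_string($value) && preg_match('/^[1-9][0-9]*\z/',$value)){
			$ids[] = $value;
		}
	}
	if (!empty($ids)){
		$sql = "UPDATE user SET loginattempts = 0 WHERE uid IN (".implode(",",$ids).")";
		// The failure text used to read "blocked status", copied from the
		// handler above; it now names this action.
		$result = mysqli_query($cxn,$sql)
		or die("Query died: reset attempts");
		$num = mysqli_affected_rows($cxn);
	} else {
		$num = 0;
	}
	$message2 = "The login failure attempts of $num user accounts have been reset.<br>";
}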


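// set the user level of the selected user accounts
// Both request values end up unquoted in the statement, so both are checked
// first: uids must be positive decimal integers, and the level must consist
// of digits only and be one of the keys of $userlevels (from config.inc.php).
// NOTE(review): assumes the configured level keys are non-negative integers,
// as the unquoted use in the original statement implies - confirm.
if (isset($_POST['Button']) && $_POST['Button'] == "Change user level"){
	$ids = array();
	foreach ($_POST as $key => $value){
		$keyplode = explode("_",(string) $key);
		if ($keyplode[0] == 'user' && is_string($value) && preg_match('/^[1-9][0-9]*\z/',$value)){
			$ids[] = $value;
		}
	}
	$level = isset($_POST['userlevel']) ? $_POST['userlevel'] : null;
	$levelok = is_string($level)
		&& preg_match('/^[0-9]+\z/',$level)
		&& isset($userlevels) && is_array($userlevels)
		&& array_key_exists($level,$userlevels);
	if (!empty($ids) && $levelok){
		$sql = "UPDATE user SET userlevel = ".$level." WHERE uid IN (".implode(",",$ids).")";
		$result = mysqli_query($cxn,$sql)
		or die("Query died: userlevel");
		$num = mysqli_affected_rows($cxn);
	} else {
		// Nothing selected, or a level that is not configured: change nothing.
		$num = 0;
	}
	$message2 = "The user level of $num user accounts have been changed.<br>";
}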

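// greeting
// The admin name is stored session data, not markup, so it is HTML-escaped
// before it is printed.
$greetname = isset($_SESSION['logadminname']) ? (string) $_SESSION['logadminname'] : '';
echo "<p style='font-size: 1.5em;
font-weight: bold; margin-top: 1em'>
Welcome, ".htmlspecialchars($greetname, ENT_QUOTES)."!</p>";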


// Read every row of the user table; $num receives the number of rows found.
$sql = "SELECT * FROM user";
$result = mysqli_query($cxn, $sql);
if (!$result) {
	die("Query died: admin");
}
$num = mysqli_num_rows($result);

?>
<br><br>
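<?php /* PHP_SELF can include client-supplied path info, so it is HTML-escaped and the attribute is quoted. */ ?>
<form id="adminform" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">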
<?php


if ($num>0){
// hidden field for submitting with login-link
echo "<input type='hidden' name='loginuser' value=''>";
// table header row
//-----------------------------------------------------------------------
	?>
	<table cellpadding="5" border="1">
	<tr>
	<td>
	<strong>User ID</strong>
	</td>
	<td>
	<strong>User Name</strong>
	</td>
	<td>
	<strong>Email-activated</strong>
	</td>
	<td>
	<strong>Blocked</strong>
	</td>
	<td>
	<strong>Failed login attempts</strong>
	</td>
	<td>
	<strong>User level</strong>
	</td>
	</tr>
	<?php
	
	// user list
	//-----------------------------------------------------------------------
	
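	// One table row per user. Every value read from the database is
	// HTML-escaped before it is printed: fields such as user_email are free
	// text and may contain characters that are significant in HTML.
	for ($i = 0; $i < $num; $i++){
		$row = mysqli_fetch_assoc($result);
		$uid = htmlspecialchars((string) $row['uid'], ENT_QUOTES);
		$email = htmlspecialchars((string) $row['user_email'], ENT_QUOTES);
		$attempts = htmlspecialchars((string) $row['loginattempts'], ENT_QUOTES);
		// A level that is not listed in $userlevels is shown as an empty cell.
		$levelname = isset($userlevels[$row['userlevel']])
			? htmlspecialchars((string) $userlevels[$row['userlevel']], ENT_QUOTES)
			: '';

		echo "<tr>";
		echo "<td>";
		// Hidden field and checkbox share one name: a ticked checkbox posts
		// the uid, otherwise the hidden '0' is posted.
		$userline = "user_".$i;
		echo "<input type='hidden' name='$userline' value='0' />";
		$posted = isset($_POST[$userline]) ? $_POST[$userline] : null;
		if (isset($_POST['Button']) && $_POST['Button'] == "Toggle selection"){
			// Toggle: tick exactly the rows that were not ticked before.
			$checked = ($posted == 0) ? "CHECKED" : "";
		} else {
			// Otherwise keep the previous selection.
			$checked = ($posted > 0) ? "CHECKED" : "";
		}
		echo "<input type='checkbox' name='$userline' value='".$uid."' ".$checked."/>";
		echo $uid;
		echo "</td>";
		echo "<td>".$email."</td>";
		echo "<td>"; if ($row['activated']==1) echo "y"; else echo"n"; echo "</td>";
		echo "<td>"; if ($row['blocked']==1) echo "y"; else echo"n"; echo "</td>";
		// Minutes since the last login, compared with the limits from config.inc.php.
		$lastlogin_date = strtotime($row['lastlogin_date']);
		$loginattempts = $row['loginattempts'];
		$timediff = (time() - $lastlogin_date)/60;
		if ($timediff <= $loginfailtimeout && $loginattempts >= $allowedattempts && $enableattemptlimit){
			// Limit reached within the timeout window: highlight the counter.
			echo "<td><font color='red'>".$attempts."</font></td>";
		}
		else {
			echo "<td>".$attempts."</td>";
		}
		echo "<td>".$levelname."</td>";
		echo "<td>";
		// The "<uid>$$$$<email>" value is carried in a data attribute, which
		// needs HTML attribute escaping only, instead of being spliced into a
		// javascript: URL where it would also have to be a valid script string.
		$logintarget = htmlspecialchars($row['uid'].'$$$$'.$row['user_email'], ENT_QUOTES);
		echo "<a href=\"#\" data-loginuser=\"".$logintarget."\" onclick=\"procLink('adminform','loginuser',this.getAttribute('data-loginuser')); return false;\">Log in as user</a>";
		echo "</td>";
		echo "</tr>";
	}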


	// submit buttons
	//-----------------------------------------------------------------------

	?>
	
	<tr>
	<td>
	<input type="submit" name="Button" value="Toggle selection">
	</td>
	<td>
	<input type="submit" name="Button" value="Delete accounts"
	onClick="return confirmSubmit('Are you sure you want to delete the selected users?')">
	</td>
	<td>
	<input type="submit" name="Button" value="Change activation status">
	</td>
	<td>
	<input type="submit" name="Button" value="Change blocked status">
	</td>
	<td>
	<input type="submit" name="Button" value="Reset attempts to zero">
	</td>
	<td>
	<input type="submit" name="Button" value="Change user level"><br>
	<select name="userlevel">
	<?php
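	// One <option> per configured user level. Key and label are HTML-escaped
	// so that a label containing &, < or a quote cannot break the markup.
	foreach($userlevels as $key => $value){
		echo "<option value='".htmlspecialchars((string) $key, ENT_QUOTES)."'>".htmlspecialchars((string) $value, ENT_QUOTES)."</option>";
	}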
	?>
	</select>
	</td>
	</tr>
	</table>
	
	<?php
}

else
{
	echo("No users found.<br>");
}
?>
<font color="red"><?php echo @$message2; ?></font>


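<?php
// PHP_SELF can include client-supplied path info, so it is HTML-escaped and
// the attribute is quoted.
// NOTE(review): the form with id "adminform" opened earlier has no closing
// tag before this point, so this <form> tag is nested inside it; confirm the
// intended structure.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">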
<font color="red"><div style='margin-top:2em'><?php echo @$message1; ?></div></font><br>
<label for='username'>User name</label>
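<?php /* The stored admin name is HTML-escaped (quotes included) because it is printed inside a quoted attribute. */ ?>
<input id='username' name='username' type='text' value='<?php echo htmlspecialchars(isset($_SESSION['logadminname']) ? (string) $_SESSION['logadminname'] : '', ENT_QUOTES); ?>'/>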
<input type="submit" name="Button" value="Change admin user name">
<br>
<label for='password'>Password</label>
<input id='password' name='password' type='password' value=''/>
<br>
<label for='passwordrep'>Repeat Password</label>
<input id='passwordrep' name='passwordrep' type='password' value=''/>
<input type="submit" name="Button" value="Change password">
</form>


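<?php /* Attribute name corrected from "acton" to "action"; PHP_SELF is HTML-escaped and quoted because it can include client-supplied path info. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">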
<input type="submit" name="Button" value="Log out" style='margin-top: 2em;'>
</form>
</body></html>