admin/adminprocess.php

   1 <?
   2 /**
   3  * AdminProcess.php
   4  *
   5  * The AdminProcess class is meant to simplify the task of processing
   6  * admin submitted forms from the admin center, these deal with
   7  * member system adjustments.
   8  *
   9  * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
  10  * Last Updated: August 15, 2004
  11  */
  12 include("../include/session.php");
  13
  14 class AdminProcess
  15 {
  16    /* Class constructor */
  17    function AdminProcess(){
  18       global $session;
  19       /* Make sure administrator is accessing page */
  20       if(!$session->isAdmin()){
  21          header("Location: ../main.php");
  22          return;
  23       }
  24       /* Admin submitted update user level form */
  25       if(isset($_POST['subupdlevel'])){
  26          $this->procUpdateLevel();
  27       }
  28       /* Admin submitted delete user form */
  29       else if(isset($_POST['subdeluser'])){
  30          $this->procDeleteUser();
  31       }
  32       /* Admin submitted delete inactive users form */
  33       else if(isset($_POST['subdelinact'])){
  34          $this->procDeleteInactive();
  35       }
  36       /* Admin submitted ban user form */
  37       else if(isset($_POST['subbanuser'])){
  38          $this->procBanUser();
  39       }
  40       /* Admin submitted delete banned user form */
  41       else if(isset($_POST['subdelbanned'])){
  42          $this->procDeleteBannedUser();
  43       }
  44       /* Should not get here, redirect to home page */
  45       else{
  46          header("Location: ../main.php");
  47       }
  48    }
  49
  50    /**
  51     * procUpdateLevel - If the submitted username is correct,
  52     * their user level is updated according to the admin's
  53     * request.
  54     */
  55    function procUpdateLevel(){
  56       global $session, $database, $form;
  57       /* Username error checking */
  58       $subuser = $this->checkUsername("upduser");
  59
  60       /* Errors exist, have user correct them */
  61       if($form->num_errors > 0){
  62          $_SESSION['value_array'] = $_POST;
  63          $_SESSION['error_array'] = $form->getErrorArray();
  64          header("Location: ".$session->referrer);
  65       }
  66       /* Update user level */
  67       else{
  68          $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
  69          header("Location: ".$session->referrer);
  70       }
  71    }
  72
  73    /**
  74     * procDeleteUser - If the submitted username is correct,
  75     * the user is deleted from the database.
  76     */
  77    function procDeleteUser(){
  78       global $session, $database, $form;
  79       /* Username error checking */
  80       $subuser = $this->checkUsername("deluser");
  81
  82       /* Errors exist, have user correct them */
  83       if($form->num_errors > 0){
  84          $_SESSION['value_array'] = $_POST;
  85          $_SESSION['error_array'] = $form->getErrorArray();
  86          header("Location: ".$session->referrer);
  87       }
  88       /* Delete user from database */
  89       else{
  90          $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
  91          $database->query($q);
  92          header("Location: ".$session->referrer);
  93       }
  94    }
  95
  96    /**
  97     * procDeleteInactive - All inactive users are deleted from
  98     * the database, not including administrators. Inactivity
  99     * is defined by the number of days specified that have
 100     * gone by that the user has not logged in.
 101     */
 102    function procDeleteInactive(){
 103       global $session, $database;
 104       $inact_time = $session->time - $_POST['inactdays']*24*60*60;
 105       $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
 106           ."AND userlevel != ".ADMIN_LEVEL;
 107       $database->query($q);
 108       header("Location: ".$session->referrer);
 109    }
 110
 111    /**
 112     * procBanUser - If the submitted username is correct,
 113     * the user is banned from the member system, which entails
 114     * removing the username from the users table and adding
 115     * it to the banned users table.
 116     */
 117    function procBanUser(){
 118       global $session, $database, $form;
 119       /* Username error checking */
 120       $subuser = $this->checkUsername("banuser");
 121
 122       /* Errors exist, have user correct them */
 123       if($form->num_errors > 0){
 124          $_SESSION['value_array'] = $_POST;
 125          $_SESSION['error_array'] = $form->getErrorArray();
 126          header("Location: ".$session->referrer);
 127       }
 128       /* Ban user from member system */
 129       else{
 130          $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
 131          $database->query($q);
 132
 133          $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
 134          $database->query($q);
 135          header("Location: ".$session->referrer);
 136       }
 137    }
 138
 139    /**
 140     * procDeleteBannedUser - If the submitted username is correct,
 141     * the user is deleted from the banned users table, which
 142     * enables someone to register with that username again.
 143     */
 144    function procDeleteBannedUser(){
 145       global $session, $database, $form;
 146       /* Username error checking */
 147       $subuser = $this->checkUsername("delbanuser", true);
 148
 149       /* Errors exist, have user correct them */
 150       if($form->num_errors > 0){
 151          $_SESSION['value_array'] = $_POST;
 152          $_SESSION['error_array'] = $form->getErrorArray();
 153          header("Location: ".$session->referrer);
 154       }
 155       /* Delete user from database */
 156       else{
 157          $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'";
 158          $database->query($q);
 159          header("Location: ".$session->referrer);
 160       }
 161    }
 162
 163    /**
 164     * checkUsername - Helper function for the above processing,
 165     * it makes sure the submitted username is valid, if not,
 166     * it adds the appropritate error to the form.
 167     */
 168    function checkUsername($uname, $ban=false){
 169       global $database, $form;
 170       /* Username error checking */
 171       $subuser = $_POST[$uname];
 172       $field = $uname;  //Use field name for username
 173       if(!$subuser || strlen($subuser = trim($subuser)) == 0){
 174          $form->setError($field, "* Username not entered<br>");
 175       }
 176       else{
 177          /* Make sure username is in database */
 178          $subuser = stripslashes($subuser);
 179          if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
 180             !eregi("^([0-9a-z])+$", $subuser) ||
 181             (!$ban && !$database->usernameTaken($subuser))){
 182             $form->setError($field, "* Username does not exist<br>");
 183          }
 184       }
 185       return $subuser;
 186    }
 187 };
 188
 189 /* Initialize process */
 190 $adminprocess = new AdminProcess;
 191
 192 ?>