2 require_once("../include/sesion.php");
3 /* Make sure administrator is accessing page */
4 if($session->isAdmin()){
6 /* Admin submitted update user level form */
7 if(isset($_POST['subupdlevel'])){
10 /* Admin submitted delete user form */
11 else if(isset($_POST['subdeluser'])){
14 /* Admin submitted delete inactive users form */
15 else if(isset($_POST['subdelinact'])){
18 /* Admin submitted ban user form */
19 else if(isset($_POST['subbanuser'])){
22 /* Admin submitted delete banned user form */
23 else if(isset($_POST['subdelbanned'])){
24 procDeleteBannedUser();
34 * procUpdateLevel - If the submitted username is correct,
35 * their user level is updated according to the admin's
38 function procUpdateLevel(){
39 global $session, $database, $form;
40 /* Username error checking */
41 $subuser = checkUsername("upduser");
43 /* Errors exist, have user correct them */
44 if($form->num_errors
> 0){
45 $_SESSION['value_array'] = $_POST;
46 $_SESSION['error_array'] = $form->getErrorArray();
47 header("Location: ../?accion=admin");
49 /* Update user level */
51 $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
52 header("Location: ../?accion=admin");
57 * procDeleteUser - If the submitted username is correct,
58 * the user is deleted from the database.
60 function procDeleteUser(){
61 global $session, $database, $form;
62 /* Username error checking */
63 $subuser = checkUsername("deluser");
65 /* Errors exist, have user correct them */
66 if($form->num_errors
> 0){
67 $_SESSION['value_array'] = $_POST;
68 $_SESSION['error_array'] = $form->getErrorArray();
69 header("Location: ../?accion=admin");
71 /* Delete user from database */
73 $q = "DELETE FROM ".TBL_USERS
." WHERE codigo = '$subuser'";
75 header("Location: ../?accion=admin");
80 * procDeleteInactive - All inactive users are deleted from
81 * the database, not including administrators. Inactivity
82 * is defined by the number of days specified that have
83 * gone by that the user has not logged in.
85 function procDeleteInactive(){
86 global $session, $database;
87 $inact_time = $session->time
- $_POST['inactdays']*24*60*60;
88 $q = "DELETE FROM ".TBL_USERS
." WHERE timestamp < $inact_time "
89 ."AND userlevel != ".ADMIN_LEVEL
;
91 header("Location: ../?accion=admin");
95 * procBanUser - If the submitted username is correct,
96 * the user is banned from the member system, which entails
97 * removing the username from the users table and adding
98 * it to the banned users table.
100 function procBanUser(){
101 global $session, $database, $form;
102 /* Username error checking */
103 $subuser = checkUsername("banuser");
105 /* Errors exist, have user correct them */
106 if($form->num_errors
> 0){
107 $_SESSION['value_array'] = $_POST;
108 $_SESSION['error_array'] = $form->getErrorArray();
109 header("Location: ../?accion=admin");
111 /* Ban user from member system */
113 $q = "DELETE FROM ".TBL_USERS
." WHERE codigo = '$subuser'";
114 $database->query($q);
116 $q = "INSERT INTO ".TBL_BANNED_USERS
." VALUES ('$subuser', $session->time)";
117 $database->query($q);
118 header("Location: ../?accion=admin");
123 * procDeleteBannedUser - If the submitted username is correct,
124 * the user is deleted from the banned users table, which
125 * enables someone to register with that username again.
127 function procDeleteBannedUser(){
128 global $session, $database, $form;
129 /* Username error checking */
130 $subuser = checkUsername("delbanuser", true);
132 /* Errors exist, have user correct them */
133 if($form->num_errors
> 0){
134 $_SESSION['value_array'] = $_POST;
135 $_SESSION['error_array'] = $form->getErrorArray();
136 header("Location: ../?accion=admin");
138 /* Delete user from database */
140 $q = "DELETE FROM ".TBL_BANNED_USERS
." WHERE codigo = '$subuser'";
141 $database->query($q);
142 header("Location: ../?accion=admin");
147 * checkUsername - Helper function for the above processing,
148 * it makes sure the submitted username is valid, if not,
149 * it adds the appropritate error to the form.
151 function checkUsername($uname, $ban=false){
152 global $database, $form;
153 /* Username error checking */
154 $subuser = $_POST[$uname];
155 $field = $uname; //Use field name for username
156 if(!$subuser ||
strlen($subuser = trim($subuser)) == 0){
157 $form->setError($field, "* Username not entered<br>");
160 /* Make sure username is in database */
161 $subuser = stripslashes($subuser);
162 if(strlen($subuser) < 5 ||
strlen($subuser) > 30 ||
163 !eregi("^([0-9a-z])+$", $subuser) ||
164 (!$ban && !$database->usernameTaken($subuser))){
165 $form->setError($field, "* Username does not exist<br>");