No centrar mapa por defecto.
[ecomupi.git] / contenido / adminprocess.php
blobe5f4669ec538a9ee272b4864c5c96e6a3ed955d1
1 <?php
2 require_once("../include/sesion.php");
3 require_once("../include/database.php");
5 /* Make sure administrator is accessing page */
6 if($session->isAdmin()){
8 /* Admin submitted update user level form */
9 if(isset($_POST['subupdlevel'])){
10 procUpdateLevel();
12 /* Admin submitted delete user form */
13 else if(isset($_POST['subdeluser'])){
14 procDeleteUser();
16 /* Admin submitted delete inactive users form */
17 else if(isset($_POST['subdelinact'])){
18 procDeleteInactive();
20 /* Admin submitted ban user form */
21 else if(isset($_POST['subbanuser'])){
22 procBanUser();
24 /* Admin submitted delete banned user form */
25 else if(isset($_POST['subdelbanned'])){
26 procDeleteBannedUser();
29 } else {
31 return;
35 /**
36 * procUpdateLevel - If the submitted username is correct,
37 * their user level is updated according to the admin's
38 * request.
40 function procUpdateLevel(){
41 global $session, $database, $form;
42 /* Username error checking */
43 $subuser = checkUsername("upduser");
45 /* Errors exist, have user correct them */
46 if($form->num_errors > 0){
47 $_SESSION['value_array'] = $_POST;
48 $_SESSION['error_array'] = $form->getErrorArray();
49 header("Location: ../?accion=gestionar+clientes");
51 /* Update user level */
52 else{
53 $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
54 header("Location: ../?accion=gestionar+clientes");
58 /**
59 * procDeleteUser - If the submitted username is correct,
60 * the user is deleted from the database.
62 function procDeleteUser(){
63 global $session, $database, $form;
64 /* Username error checking */
65 $subuser = checkUsername("deluser");
67 /* Errors exist, have user correct them */
68 if($form->num_errors > 0){
69 $_SESSION['value_array'] = $_POST;
70 $_SESSION['error_array'] = $form->getErrorArray();
71 header("Location: ../?accion=admin");
73 /* Delete user from database */
74 else{
75 $q = "DELETE FROM ".TBL_USERS." WHERE codigo = '$subuser'";
76 $database->query($q);
77 header("Location: ../?accion=admin");
81 /**
82 * procDeleteInactive - All inactive users are deleted from
83 * the database, not including administrators. Inactivity
84 * is defined by the number of days specified that have
85 * gone by that the user has not logged in.
87 function procDeleteInactive(){
88 global $session, $database;
89 $inact_time = $session->time - $_POST['inactdays']*24*60*60;
90 $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
91 ."AND userlevel != ".ADMIN_LEVEL;
92 $database->query($q);
93 header("Location: ../?accion=admin");
96 /**
97 * procBanUser - If the submitted username is correct,
98 * the user is banned from the member system, which entails
99 * removing the username from the users table and adding
100 * it to the banned users table.
102 function procBanUser(){
103 global $session, $database, $form;
104 /* Username error checking */
105 $subuser = checkUsername("banuser");
107 /* Errors exist, have user correct them */
108 if($form->num_errors > 0){
109 $_SESSION['value_array'] = $_POST;
110 $_SESSION['error_array'] = $form->getErrorArray();
111 header("Location: ../?accion=admin");
113 /* Ban user from member system */
114 else{
115 $q = "DELETE FROM ".TBL_USERS." WHERE codigo = '$subuser'";
116 $database->query($q);
118 $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
119 $database->query($q);
120 header("Location: ../?accion=admin");
125 * procDeleteBannedUser - If the submitted username is correct,
126 * the user is deleted from the banned users table, which
127 * enables someone to register with that username again.
129 function procDeleteBannedUser(){
130 global $session, $database, $form;
131 /* Username error checking */
132 $subuser = checkUsername("delbanuser", true);
134 /* Errors exist, have user correct them */
135 if($form->num_errors > 0){
136 $_SESSION['value_array'] = $_POST;
137 $_SESSION['error_array'] = $form->getErrorArray();
138 header("Location: ../?accion=admin");
140 /* Delete user from database */
141 else{
142 $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE codigo = '$subuser'";
143 $database->query($q);
144 header("Location: ../?accion=admin");
149 * checkUsername - Helper function for the above processing,
150 * it makes sure the submitted username is valid, if not,
151 * it adds the appropritate error to the form.
153 function checkUsername($uname, $ban=false){
154 global $database, $form;
155 /* Username error checking */
156 $subuser = $_POST[$uname];
157 $field = $uname; //Use field name for username
158 if(!$subuser || strlen($subuser = trim($subuser)) == 0){
159 $form->setError($field, "* Usuario no ingresado<br>");
161 else{
162 /* Make sure username is in database */
163 $subuser = stripslashes($subuser);
164 if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
165 !eregi("^([0-9a-z])+$", $subuser) ||
166 (!$ban && !$database->codigoTaken($subuser))){
167 $form->setError($field, "* Usuario no existe<br>");
170 return $subuser;