1 <?php
/* Copyright (c) 2007-08 Alec Henriksen
 * phpns is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public Licence (GPL) as published by the Free
 * Software Foundation; either version 2 of the Licence, or (at your option) any
 * later version.
 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
 */
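include("inc/init.php");
include("inc/header.php");

// Requested action. Read defensively so a request without ?do= selects the
// default user list instead of raising an undefined-index notice.
$do = isset($_GET['do']) ? $_GET['do'] : '';

if (!$do) {
    // Default action: paginated user list with a bulk-delete form.
    $globalvars['page_name'] = 'user management';

    // The page number is request-controlled: force it to a positive integer
    // before it is used in offset arithmetic or echoed into the pager markup.
    $page = (isset($_GET['page']) && is_string($_GET['page'])) ? (int) $_GET['page'] : 1;
    if ($page < 1) {
        $page = 1;
    }
    $items_per_page = 200;
    $page_start = ($page * $items_per_page) - $items_per_page;
    $next_page = $page + 1;
    $prev_page = $page - 1;
    $item_list = load_items('users', $page_start, $items_per_page, '', '', '');

    // Start from empty strings unless an included file already set these.
    if (!isset($table_rows)) {
        $table_rows = '';
    }
    if (!isset($success)) {
        $success = '';
    }
    if (!isset($row_bg)) {
        $row_bg = '';
    }

    if (!mysql_num_rows($item_list)) {
        $table_rows = '<td class="noresults" colspan="6"><strong>No returned results...</strong></td>';
    }

    while ($item_row = mysql_fetch_array($item_list)) {
        //convert timestamp to readable/human date
        $item_row['timestamp'] = date($globalvars['time_format'], $item_row['timestamp']);
        $item_row['rank_name'] = gen_rank_name($item_row['rank_id']);

        // The stored user name goes back into a SQL string literal here, so it
        // must be escaped again: a value read from the database is not escaped.
        // NOTE(review): assumes general_query() runs on the default mysql_*
        // link, which is what mysql_real_escape_string() uses - TODO confirm.
        $usercount_sql = general_query("SELECT * FROM ".$databaseinfo['prefix']."articles WHERE article_author='".mysql_real_escape_string($item_row['user_name'])."'");
        $num_items = mysql_num_rows($usercount_sql);
        $row_bg = ($row_bg == $globalvars['altcolor'][2]) ? $globalvars['altcolor'][1] : $globalvars['altcolor'][2]; //current row bg

        // Account fields are user-supplied text: encode them for the HTML and
        // URL contexts they are printed in, and treat ids as integers.
        // NOTE(review): if clean_data() already HTML-encodes values on input,
        // this will double-encode them on display - confirm against clean_data().
        $user_id = (int) $item_row['id'];
        $rank_id = (int) $item_row['rank_id'];
        $user_name = htmlspecialchars($item_row['user_name'], ENT_QUOTES);
        $full_name = htmlspecialchars($item_row['full_name'], ENT_QUOTES);
        $rank_name = htmlspecialchars($item_row['rank_name'], ENT_QUOTES);
        $author_query = htmlspecialchars(urlencode($item_row['user_name']), ENT_QUOTES);

        $table_rows = $table_rows.'
        <tr bgcolor="'.$row_bg.'">
            <td>
                <a href="user.php?id='.$user_id.'&do=edit"><img src="images/icons/edit.png" class="row_icon" alt="edit icon" title="edit &quot;'.$user_name.'&quot;" /></a>
                <strong><a href="user.php?id='.$user_id.'&do=edit">'.$user_name.'</a></strong>
            </td>
            <td>'.$full_name.'</td>
            <td>'.$item_row['timestamp'].'</td>
            <td><a href="?id='.$rank_id.'&do=editrank">'.$rank_name.'</a></td>
            <td align="center"><a href="manage.php?v='.$author_query.'">'.$num_items.'</a></td>
            <td class="checkbox"><input type="checkbox" value="'.$user_id.'" name="'.$user_id.'"></td>
        </tr>
        ';
    } //end of WHILE statement

    // Result banner set by the deleteusers action's redirect.
    $delete_success = isset($_GET['delete_success']) ? $_GET['delete_success'] : '';
    if ($delete_success == 1) {
        $success .= '<div class="success">The user(s) have been successfully deleted.</div>';
    } elseif ($delete_success == "no") {
        $success .= '<div class="warning">The operation was cancelled, you cannot delete the first user (ID: 1), or yourself!</div>';
    }

    // NOTE(review): the bulk-delete form below carries no anti-CSRF token, so
    // the deleteusers action relies on the session alone. Adding a per-session
    // token here and checking it in that action would close the gap.
    $content = '
    '.$success.'
    <h3>Actions</h3>
    <div id="columnright">
        <ul>
            <li><a href="?do=newrank">new rank</a></li>
            <li><a href="?do=ranks">manage ranks</a></li>
        </ul>
    </div>
    <ul>
        <li><a href="?do=new">new user</a></li>
        <li><a href="?do=loginrec">login records</a></li>
    </ul>
    <h3>User list</h3>
    <form id="useropt" method="post" action="?do=deleteusers" onsubmit="return confirm(\'Are you sure you want to delete the selected items?\');">
        <table style="text-align: left; width: 100%;" border="1" cellpadding="3" cellspacing="2">
            <tbody>
                <tr class="toprow">
                    <td><strong>Username</strong></td>
                    <td><strong>Full name</strong></td>
                    <td><strong>Date</strong></td>
                    <td><strong>Rank</strong></td>
                    <td style="width: 80px"><strong>#/articles</strong></td>
                    <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
                </tr>
                '.$table_rows.'
            </tbody>
        </table>
        <div style="text-align: right; width: 400px; float: right;">
            <input type="submit" id="submit" value="Delete Selected" />
        </div>
    </form>
    <div>
        <button class="previous" OnClick="window.location = \'?page='.$prev_page.'\';" />Previous ('.$prev_page.')</button>
        <button class="next" OnClick="window.location = \'?page='.$next_page.'\';" />Next ('.$next_page.')</button>
    </div>';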
} elseif ($do == "new") {
    // "New user" form. Entry 18 of the current rank's permission data gates
    // this action; a zero there sends the visitor to the permission-denied page.
    if ($globalvars['rank'][18] == 0) {
        header("Location: index.php?do=permissiondenied");
        exit; // stop here even if the redirect header could not be sent
    }

    $globalvars['page_image'] = "user management";
    $globalvars['page_name'] = "new user";
    $content = user_form();
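} elseif ($do == "newp") {
    // Processes the "new user" form: validates the submission, then either
    // creates the account or re-displays the form with the collected errors.
    if ($globalvars['rank'][18] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }

    // NOTE(review): isset($_POST) is true on every request, so this guard does
    // not distinguish a form submission from a plain GET of ?do=newp.
    if (isset($_POST)) {
        // Copy only the expected fields, as strings; a missing or array-valued
        // field becomes '' instead of reaching clean_data() in another shape.
        $fields = array('username_', 'fullname', 'password_', 'cpassword_', 'email', 'msn', 'aim', 'yahoo', 'skype', 'rank', 'notifications');
        foreach ($fields as $field) {
            $data[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }

        if (!$data['notifications']) {
            $data['notifications'] = 0;
        }

        foreach ($data as $key => $value) {
            //clean data (SQL injection security)
            $data[$key] = clean_data($value);
        }

        $con = "yes";
        $error_message = '<ol class="warning">
        ';

        if (!$data['username_']) { //no username
            $con = "no";
            $error_message = $error_message.'<li>You must enter a username.</li>
            ';
        }

        if (!$data['fullname']) { //no fullname
            $con = "no";
            $error_message = $error_message.'<li>You must enter a full name.</li>
            ';
        }

        if (!$data['password_']) {
            $con = "no";
            $error_message = $error_message.'<li>You must enter a password.</li>
            ';
        }

        // Compare as strings. A loose != treats two different numeric-looking
        // strings as equal, which would accept a mistyped confirmation.
        if ((string) $data['password_'] !== (string) $data['cpassword_']) {
            $con = "no";
            $error_message = $error_message.'<li>Your passwords do not match.</li>
            ';
        }

        //check if username is already used
        $checkres = general_query("SELECT * FROM ".$databaseinfo['prefix']."users WHERE user_name='".$data['username_']."'");
        if (mysql_num_rows($checkres) > 0) {
            $con = "no";
            $error_message = $error_message.'<li>The username specified is already being used. Please choose another.</li>
            ';
        }

        $error_message = $error_message.'</ol>';

        if ($con == "yes") { //if no problems
            // NOTE(review): unsalted SHA-1 is not a suitable password hash.
            // It is kept here because the login check (not in this file) must
            // verify the same format; migrate both together to a salted,
            // slow password-hashing scheme.
            $data['password_'] = sha1($data['password_']);
            $globalvars['page_name'] = "user success";
            $globalvars['page_image'] = "user management";
            // NOTE(review): the submitted rank is stored as given; nothing
            // here checks it against the creating user's own rank - confirm
            // that new_user() or the rank model enforces that.
            $user_sql = new_user($data);

            //send email
            //send_mail('New user: '.$data['username_'], "Hello,\nThe user '".$_SESSION['username']."' has created an additional user, '".$data['username_']."'\n\nTo edit this user, go to: ".$globalvars['path_to_uri']."");

        } else { // if there WERE problems
            $globalvars['page_name'] = "user management";
            //shortcut fix for a small bug...we'll need to add to the array
            $data['user_name'] = $data['username_'];
            $data['full_name'] = $data['fullname'];
            $content = user_form($data);
        }
    }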
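} elseif ($do == "deleteusers") {
    // Bulk-deletes the users whose ids were ticked in the user list form.
    if ($globalvars['rank'][22] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }

    // The form posts one field per ticked row, named after the user id. Field
    // names are request-controlled, so keep only keys that are plain positive
    // integers; nothing else may reach the SQL below.
    $ids = array();
    foreach (array_keys($_POST) as $key) {
        if (preg_match('/\A[0-9]+\z/', (string) $key) && (int) $key > 0) {
            $ids[(int) $key] = (int) $key;
        }
    }

    if (!$ids) { //if no items, avoid mysql error by just redirecting
        header("Location: user.php");
        die(); // without this the script went on to run a DELETE with an empty list
    }

    // Refuse to delete the first user (ID 1) or the account doing the deleting.
    // Exact id comparison: the earlier substring test also rejected any id
    // that merely contained the digit 1 or the session user's id.
    $own_id = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    if (isset($ids[1]) || isset($ids[$own_id])) {
        header("Location: user.php?delete_success=no");
        die(); //just in case!
    }

    $items_f = "'".implode("','", $ids)."'"; // quoted, comma-separated id list for SQL
    $sql = general_query("DELETE FROM ".$databaseinfo['prefix']."users WHERE id IN ($items_f)"); //delete all records where the id is in the list
    header("Location: user.php?delete_success=1");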
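} elseif ($do == "edit") {
    // Shows the edit form for the user selected by ?id=.
    if ($globalvars['rank'][20] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }

    $globalvars['page_name'] = "edit user"; //declare page name
    $globalvars['page_image'] = "user management";

    // The id is only ever a numeric key, so constrain it to an integer rather
    // than relying on string escaping before it enters the query.
    $id = (isset($_GET['id']) && is_string($_GET['id'])) ? (int) $_GET['id'] : 0;

    if ($id > 0) {
        $fu_res = general_query("SELECT * FROM ".$databaseinfo['prefix']."users WHERE id='$id' LIMIT 1");
        //create the form with above query
        while ($data = mysql_fetch_assoc($fu_res)) {
            if ($data['notifications'] == 1) {
                $data['notifications_checked'] = ' checked="checked"';
            }
            $content = user_form($data);
        }
    }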
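} elseif ($do == "editp") {
    // Processes the "edit user" form: validates the submission, then either
    // saves the account and redirects, or re-displays the form with errors.
    if ($globalvars['rank'][20] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }

    // NOTE(review): isset($_POST) is true on every request, so this guard does
    // not distinguish a form submission from a plain GET of ?do=editp.
    if (isset($_POST)) {
        // Copy only the expected fields, as strings; a missing or array-valued
        // field becomes '' instead of reaching clean_data() in another shape.
        $fields = array('username_', 'fullname', 'password_', 'cpassword_', 'email', 'msn', 'aim', 'yahoo', 'skype', 'rank', 'notifications', 'id', 'original_username');
        foreach ($fields as $field) {
            $data[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }

        if (!$data['notifications']) {
            $data['notifications'] = 0;
        }

        foreach ($data as $key => $value) {
            //clean data (SQL injection security)
            $data[$key] = clean_data($value);
        }

        // The id is a numeric key and is echoed into the redirect URL below.
        $data['id'] = (int) $data['id'];

        $con = "yes";
        $error_message = '<ol class="warning">
        ';

        if (!$data['username_']) { //no username
            $con = "no";
            $error_message = $error_message.'<li>You must enter a username.</li>
            ';
        }

        if (!$data['fullname']) { //no fullname
            $con = "no";
            $error_message = $error_message.'<li>You must enter a full name.</li>
            ';
        }

        // A blank password field skips the confirmation check.
        if ($data['password_']) {
            // Compare as strings. A loose != treats two different
            // numeric-looking strings as equal.
            if ((string) $data['password_'] !== (string) $data['cpassword_']) {
                $con = "no";
                $error_message = $error_message.'<li>Your passwords do not match.</li>
                ';
            }
        }

        //check if username is already used
        $checkres = general_query("SELECT * FROM ".$databaseinfo['prefix']."users WHERE user_name='".$data['username_']."'");
        if (mysql_num_rows($checkres) > 0) {
            if ($data['original_username'] != $data['username_']) { //if the username is already being used (excluding current one)
                $con = "no";
                $error_message = $error_message.'<li>The username specified is already being used. Please choose another.</li>';
            }
        }

        $error_message = $error_message.'</ol>';

        if ($con == "yes") { //if no problems
            $globalvars['page_name'] = "edit user";
            $globalvars['page_image'] = "success";
            // NOTE(review): the submitted rank and the target id are taken as
            // given; nothing here stops a holder of the edit-users permission
            // from raising any account's rank - confirm edit_user() or the
            // rank model enforces a limit.
            $user_sql = edit_user($data);

            header("Location: user.php?id=".$data['id']."&do=edit&success=1");

        } else { // if there WERE problems
            $globalvars['page_name'] = "user management";
            //shortcut fix for a small bug...we'll need to add to the array
            $data['user_name'] = $data['username_'];
            $data['full_name'] = $data['fullname'];
            $content = user_form($data);
        }
    }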
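} elseif ($do == "ranks") { //rank management
    // Lists all ranks with a bulk-delete form and a "move users to" selector.
    if ($globalvars['rank'][2] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }
    $globalvars['page_name'] = "rank management";
    $globalvars['page_image'] = "lock";

    // Start from empty strings unless an included file already set these.
    if (!isset($move_selected)) {
        $move_selected = '';
    }
    if (!isset($table_rows)) {
        $table_rows = '';
    }
    if (!isset($success)) {
        $success = '';
    }
    if (!isset($row_bg)) {
        $row_bg = '';
    }

    //generate rank options for moving users from deleted ranks
    $move_selected_sql = general_query("SELECT * FROM ".$databaseinfo['prefix']."ranks");

    while ($move_row = mysql_fetch_assoc($move_selected_sql)) {
        $option_id = (int) $move_row['id'];
        $option_title = htmlspecialchars($move_row['rank_title'], ENT_QUOTES);
        $move_selected = $move_selected."<option value=\"".$option_id."\">".$option_title."</option>";
    }

    //generate list of ranks
    $item_list = load_items('ranks', 0, 5000, '', '', '');

    while ($item_row = mysql_fetch_array($item_list)) {
        //convert timestamp to readable/human date
        $item_row['timestamp'] = date($globalvars['time_format'], $item_row['timestamp']);
        // The per-row article count query copied from the user list was
        // dropped: it filtered on a user_name column that this loop never
        // reads from a rank row, and its result was not displayed.
        $row_bg = ($row_bg == $globalvars['altcolor'][2]) ? $globalvars['altcolor'][1] : $globalvars['altcolor'][2]; //current row bg

        // Rank fields are free text entered through the rank form: encode them
        // for HTML output and treat the id as an integer.
        // NOTE(review): if stored values are already HTML-encoded on input,
        // this will double-encode them on display - confirm against new_rank().
        $rank_id = (int) $item_row['id'];
        $rank_title = htmlspecialchars($item_row['rank_title'], ENT_QUOTES);
        $rank_desc = htmlspecialchars($item_row['rank_desc'], ENT_QUOTES);
        $rank_permissions = htmlspecialchars($item_row['permissions'], ENT_QUOTES);
        $rank_author = htmlspecialchars($item_row['rank_author'], ENT_QUOTES);

        $table_rows = $table_rows.'
        <tr bgcolor="'.$row_bg.'">
            <td>
                <a href="user.php?id='.$rank_id.'&do=editrank"><img src="images/icons/edit.png" class="row_icon" alt="edit icon" title="edit &quot;'.$rank_title.'&quot;" /></a>
                <strong><a href="user.php?id='.$rank_id.'&do=editrank">'.$rank_title.'</a></strong>
            </td>
            <td>'.$rank_desc.'</td>
            <td>'.$item_row['timestamp'].'</td>
            <td>'.$rank_permissions.'</td>
            <td>'.$rank_author.'</td>
            <td class="checkbox"><input type="checkbox" value="'.$rank_id.'" name="'.$rank_id.'"></td>
        </tr>
        ';
    } //end of WHILE statement

    //success/error message
    $delete_success = isset($_GET['delete_success']) ? $_GET['delete_success'] : '';
    if ($delete_success == 1) {
        $success = '<div class="success">The item(s) have been successfully deleted.</div>';
    } elseif ($delete_success == 'no') {
        $success = '<div class="warning">The operation was cancelled, you cannot delete the first rank (ID: 1), or your own!</div>';
    }

    // NOTE(review): the bulk-delete form below carries no anti-CSRF token, so
    // the deleteranks action relies on the session alone.
    $content = '
    '.$success.'
    <h3>Actions</h3>
    <ul>
        <li><a href="?do=newrank">new rank</a></li>
    </ul>
    <h3>Rank list</h3>
    <form id="rankopt" method="post" action="?do=deleteranks" onsubmit="return confirm(\'Are you sure you want to delete the selected items?\');">
        <table style="text-align: left; width: 100%;" border="1" cellpadding="3" cellspacing="2">
            <tbody>
                <tr class="toprow">
                    <td style="width: 200px; text-align: left;"><strong>Rank title</strong></td>
                    <td><strong>Rank description</strong></td>
                    <td><strong>Date</strong></td>
                    <td><strong>Permission string</strong></td>
                    <td style="width: 80px"><strong>Author</strong></td>
                    <td style="width: 10px; text-align: center;"><strong><input type="checkbox" onClick="Checkall(this.form);" /></strong></td>
                </tr>
                '.$table_rows.'
            </tbody>
        </table>
        <div style="text-align: right;">
            Move users from rank(s) (that will be deleted) to:
            <select id="move_rank" name="move_rank" style=" margin: 0; width: 250px;">
                '.$move_selected.'
            </select>
            <input type="submit" id="submit" value="Delete Selected" />
        </div>
    </form>';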
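} elseif ($do == "deleteranks") {
    // Bulk-deletes the ticked ranks after moving their users to another rank.
    if ($globalvars['rank'][2] == 0) {
        header("Location: index.php?do=permissiondenied");
        die(); //if header doesn't work, kill the script.
    }

    // The form posts one field per ticked row, named after the rank id, plus
    // move_rank. Field names are request-controlled, so keep only keys that
    // are plain positive integers; move_rank is skipped by the same filter.
    $ids = array();
    foreach (array_keys($_POST) as $key) {
        if (preg_match('/\A[0-9]+\z/', (string) $key) && (int) $key > 0) {
            $ids[(int) $key] = (int) $key;
        }
    }

    if (!$ids) { //if no items, avoid mysql error by just redirecting
        header("Location: user.php?do=ranks");
        die(); // without this the script went on to run queries with an empty list
    }

    // Refuse to delete the first rank (ID 1) or the rank of the current user.
    // This runs BEFORE any write: previously users were moved to the target
    // rank first and the request was rejected only afterwards. The comparison
    // is by exact id, not by substring of the list.
    $own_rank = isset($_SESSION['rankID']) ? (int) $_SESSION['rankID'] : 0;
    if (isset($ids[1]) || isset($ids[$own_rank])) {
        header("Location: user.php?do=ranks&delete_success=no");
        die();
    }

    $items_f = "'".implode("','", $ids)."'"; // quoted, comma-separated id list for SQL

    // move_rank comes straight from the request and is a rank id: constrain it
    // to an integer before it enters the UPDATE. The is_string() test matters
    // because an array value would otherwise cast to 1.
    // NOTE(review): nothing verifies that the target rank exists or that it is
    // not one of the ranks being deleted; either case leaves users pointing at
    // a missing rank.
    $move_rank = (isset($_POST['move_rank']) && is_string($_POST['move_rank'])) ? (int) $_POST['move_rank'] : 0;

    //move users to the rank selected
    $res_m = general_query("UPDATE ".$databaseinfo['prefix']."users SET rank_id='".$move_rank."' WHERE rank_id IN (".$items_f.")");

    $sql = general_query("DELETE FROM ".$databaseinfo['prefix']."ranks WHERE id IN ($items_f)"); //delete all records where the id is in the list
    header("Location: user.php?do=ranks&delete_success=1");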
} elseif ($do == "newrank") {
    // "New rank" form. Entry 0 of the current rank's permission data gates
    // this action; a zero there sends the visitor to the permission-denied page.
    if ($globalvars['rank'][0] == 0) {
        header("Location: index.php?do=permissiondenied");
        exit;
    }

    $globalvars['page_image'] = "lock";
    $globalvars['page_name'] = "new rank";
    $content = rank_form();
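} elseif ($do == "nrankp") {
    // Processes the "new rank" form: turns the twelve permission choices into
    // the stored comma-separated permission string and creates the rank.
    if ($globalvars['rank'][0] == 0) {
        header("Location: index.php?do=permissiondenied");
        die();
    }
    $globalvars['page_name'] = "rank success";
    $globalvars['page_image'] = "success";

    // implode(glue, pieces) is the argument order every PHP version accepts;
    // a missing or non-array categories field becomes an empty list.
    // NOTE(review): category values are passed on unvalidated - confirm that
    // new_rank() escapes them.
    $categories = (isset($_POST['categories']) && is_array($_POST['categories'])) ? $_POST['categories'] : array();
    $category_list = implode(',', $categories);

    // Full submission, handed to rank_form()/new_rank() below.
    // NOTE(review): this is raw request data - confirm that new_rank() escapes
    // it for SQL and that rank_form() encodes it for HTML.
    $rank = $_POST;

    // The permission string is positional: one value per entry, in exactly
    // this order, separated by commas (the edit form splits it on commas).
    $permission_keys = array('createranks', 'manageranks', 'loginrecords', 'preferences', 'loggingin', 'createarticles', 'approve', 'editarticles', 'deletearticles', 'createusers', 'editusers', 'deleteusers');
    // Form words and the digits they are stored as.
    $digit_for = array('allow' => '1', 'disallow' => '0', 'allowapp' => '2');

    // Every one of the twelve entries is required, and each must reduce to a
    // single digit. Anything else - a missing field, an array, a value holding
    // a comma - would shift or corrupt the positions of later permissions, so
    // it is treated as a missing value.
    $continue = TRUE;
    $permission_values = array();
    foreach ($permission_keys as $key) {
        $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        if (isset($digit_for[$value])) {
            $value = $digit_for[$value];
        } elseif (!preg_match('/\A[0-9]\z/', $value)) {
            $continue = FALSE;
            $value = '0';
        }
        $permission_values[] = $value;
    }
    $permissions_string = implode(',', $permission_values);

    $has_title = isset($rank['rank_title']) && is_string($rank['rank_title']) && $rank['rank_title'] !== '';
    $has_desc = isset($rank['rank_desc']) && is_string($rank['rank_desc']) && $rank['rank_desc'] !== '';

    if (!$has_title || !$has_desc || $continue == FALSE) { //if we're missing any piece, error.
        $globalvars['page_name'] = "new rank";
        $globalvars['page_image'] = 'error';
        $error_message = '<div class="warning">You need values for each field, including the rank title and description.</div>';
        $content = rank_form($rank, $category_list);
    } else {
        new_rank($rank, $permissions_string, $category_list, $_SESSION['username']);
    }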
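} elseif ($do == "editrank") { //if we're editing the rank
    // Shows the edit form for the rank selected by ?id=, with the stored
    // permission digits converted back to the form's word values.
    if ($globalvars['rank'][2] == 0) {
        header("Location: index.php?do=permissiondenied");
        die();
    }
    $globalvars['page_name'] = "edit rank"; //declare page name
    $globalvars['page_image'] = "lock";

    // The id is only ever a numeric key, so constrain it to an integer rather
    // than relying on string escaping before it enters the query.
    $id = (isset($_GET['id']) && is_string($_GET['id'])) ? (int) $_GET['id'] : 0;

    if ($id > 0) {
        $ru_res = general_query("SELECT * FROM ".$databaseinfo['prefix']."ranks WHERE id='$id' LIMIT 1");

        // Stored digits and the form words they stand for.
        $word_for = array('1' => 'allow', '0' => 'disallow', '2' => 'allowapp');
        // Position of each permission inside the stored string.
        $permission_keys = array('createranks', 'manageranks', 'loginrecords', 'preferences', 'loggingin', 'createarticles', 'approve', 'editarticles', 'deletearticles', 'createusers', 'editusers', 'deleteusers');

        while ($data = mysql_fetch_assoc($ru_res)) {
            // explode() replaces split(), which newer PHP versions no longer
            // provide. Each entry is translated on its own, so only an exact
            // 0/1/2 is converted.
            $permissions = explode(',', $data['permissions']);
            foreach ($permissions as $position => $digit) {
                if (isset($word_for[$digit])) {
                    $permissions[$position] = $word_for[$digit];
                }
            }
            $data['permissions'] = $permissions;

            //now we can assign new vars for form; a string with fewer than
            //twelve entries leaves the remaining ones NULL
            foreach ($permission_keys as $position => $key) {
                $data[$key] = isset($permissions[$position]) ? $permissions[$position] : NULL;
            }

            //quick fix for label on create articles (allow w/ approval solution)
            if ($data['createarticles'] == 'allowapp') {
                $data['label'] = 'allow w/ approval';
            } elseif ($data['createarticles'] == 'allow') {
                $data['label'] = 'allow';
            } else {
                $data['label'] = 'disallow';
            }

            $content = rank_form($data);
        }
    }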
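} elseif ($do == "erankp") { //rank edit process
    // Processes the "edit rank" form: rebuilds the comma-separated permission
    // string from the twelve permission choices and saves the rank.
    if ($globalvars['rank'][2] == 0) {
        header("Location: index.php?do=permissiondenied");
        die();
    }
    $globalvars['page_name'] = "rank success";
    $globalvars['page_image'] = "success";

    // implode(glue, pieces) is the argument order every PHP version accepts;
    // a missing or non-array categories field becomes an empty list.
    // NOTE(review): category values are passed on unvalidated - confirm that
    // edit_rank() escapes them.
    $categories = (isset($_POST['categories']) && is_array($_POST['categories'])) ? $_POST['categories'] : array();
    $category_list = implode(',', $categories);

    // Full submission, handed to rank_form()/edit_rank() below.
    // NOTE(review): this is raw request data - confirm that edit_rank()
    // escapes it for SQL and that rank_form() encodes it for HTML.
    $rank = $_POST;

    // The rank id is a numeric key; it is used as the edit target and echoed
    // into the redirect URL, so constrain it to an integer.
    $rank['id'] = (isset($_POST['id']) && is_string($_POST['id'])) ? (int) $_POST['id'] : 0;

    // The permission string is positional: one value per entry, in exactly
    // this order, separated by commas (the edit form splits it on commas).
    $permission_keys = array('createranks', 'manageranks', 'loginrecords', 'preferences', 'loggingin', 'createarticles', 'approve', 'editarticles', 'deletearticles', 'createusers', 'editusers', 'deleteusers');
    // Form words and the digits they are stored as.
    $digit_for = array('allow' => '1', 'disallow' => '0', 'allowapp' => '2');

    // Every one of the twelve entries is required, and each must reduce to a
    // single digit. Anything else - a missing field, an array, a value holding
    // a comma - would shift or corrupt the positions of later permissions, so
    // it is treated as a missing value.
    $continue = TRUE;
    $permission_values = array();
    foreach ($permission_keys as $key) {
        $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        if (isset($digit_for[$value])) {
            $value = $digit_for[$value];
        } elseif (!preg_match('/\A[0-9]\z/', $value)) {
            $continue = FALSE;
            $value = '0';
        }
        $permission_values[] = $value;
    }
    $permissions_string = implode(',', $permission_values);

    $has_title = isset($rank['rank_title']) && is_string($rank['rank_title']) && $rank['rank_title'] !== '';
    $has_desc = isset($rank['rank_desc']) && is_string($rank['rank_desc']) && $rank['rank_desc'] !== '';

    if (!$has_title || !$has_desc || $continue == FALSE) { //if we're missing any piece, error.
        $globalvars['page_name'] = "edit rank";
        $globalvars['page_image'] = 'error';
        $error_message = '<div class="warning">You need values for each field, including the rank title and description.</div>';
        $content = rank_form($rank, $category_list);
    } else {
        // NOTE(review): nothing here stops a user from editing the rank they
        // are assigned to, which changes their own permissions - confirm that
        // is intended.
        edit_rank($rank, $permissions_string, $category_list, $rank['id']);

        //after editing, redirect to edit page with success
        header("Location: user.php?id=".$rank['id']."&do=editrank&success=1");
    }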
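} elseif ($do == "loginrec") { //login records
    // Paginated view of recorded logins, with an optional "delete all" action.
    if ($globalvars['rank'][4] == 0) {
        header("Location: index.php?do=permissiondenied");
        die();
    }
    $globalvars['page_name'] = "login records";
    $globalvars['page_image'] = "user management";

    $action = isset($_GET['action']) ? $_GET['action'] : '';

    //if delete all
    // NOTE(review): this erases the whole login audit table in response to a
    // GET parameter, with no anti-CSRF token and no permission beyond viewing
    // the records. Moving it to a POST with a per-session token, and logging
    // who cleared the table, would protect the audit trail. Left as is here
    // because the link that triggers it lives in loginrec_form().
    if ($action == "delall") {
        $sql = general_query("DELETE FROM ".$databaseinfo['prefix']."userlogin");

        $error_message = '<div class="success">All login records have been deleted.</div>';
    }

    //determine pagination
    // The page number is request-controlled: force it to a positive integer
    // before it is used in offset arithmetic.
    $page = (isset($_GET['page']) && is_string($_GET['page'])) ? (int) $_GET['page'] : 1;
    if ($page < 1) {
        $page = 1;
    }
    $items_per_page = 20;
    $page_start = ($page * $items_per_page) - $items_per_page;
    $next_page = $page + 1;
    $prev_page = $page - 1;

    // NOTE(review): $sort and $v are not assigned anywhere in this file, and
    // this call passes five arguments where the other load_items() calls pass
    // six - confirm where they come from.
    $item_list = load_items('userlogin', $page_start, $items_per_page, $sort, $v);

    // Start from empty strings unless an included file already set these.
    if (!isset($table_rows)) {
        $table_rows = '';
    }
    if (!isset($row_bg)) {
        $row_bg = '';
    }

    if (!mysql_num_rows($item_list)) {
        $table_rows = '<td class="noresults" colspan="6"><strong>No returned results...</strong></td>';
    }

    while ($item_row = mysql_fetch_array($item_list)) {
        //convert timestamp to readable/human date
        $item_row['timestamp'] = date($globalvars['time_format'], $item_row['timestamp']);
        $item_row['name'] = gen_rank_name($item_row['rank_id']);
        $row_bg = ($row_bg == $globalvars['altcolor'][2]) ? $globalvars['altcolor'][1] : $globalvars['altcolor'][2]; //current row bg

        // Login records hold text recorded at login time, so every field is
        // encoded for the HTML or URL context it is printed in.
        // NOTE(review): presumably the username column includes names typed by
        // unauthenticated visitors - confirm against the login handler.
        $login_name = htmlspecialchars($item_row['username'], ENT_QUOTES);
        $login_name_query = htmlspecialchars(urlencode($item_row['username']), ENT_QUOTES);
        $login_rank_id = (int) $item_row['rank_id'];
        $login_rank_name = htmlspecialchars($item_row['name'], ENT_QUOTES);
        $login_ip = htmlspecialchars($item_row['ip'], ENT_QUOTES);

        //generate rows from login attempts
        $table_rows = $table_rows.'<tr bgcolor="'.$row_bg.'"><td><a href="manage.php?v='.$login_name_query.'"><strong>'.$login_name.'</strong></a></td><td><a href="user.php?do=editrank&id='.$login_rank_id.'">'.$login_rank_name.'</a></td><td>'.$item_row['timestamp'].'</td><td>'.$login_ip.'</td></tr>
        ';
    }

    $content = loginrec_form();

} //end main conditional

include("inc/themecontrol.php"); //include theme script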