Файл: upload/pages/admin/users/edit-user.php
Строк: 203
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/core/core.php';

// Authorization gate for the whole page: only a permission set whose
// `edit_users` entry loosely equals 1 may continue. A missing entry compares
// as null and is therefore denied.
// NOTE(review): $users_perms is not defined in this file; presumably core.php
// builds it from the current session -- confirm.
if (!($users_perms['edit_users'] == 1)) {
    RedirectToPage('/');
    // Terminate explicitly so nothing below runs for an unauthorized visitor.
    exit;
}
// Target account id from the query string, forced to a non-negative integer
// before it is used anywhere else.
$id = abs((int) ($_GET['id'] ?? 0));

// Every lookup passes $id as a bound parameter rather than building the SQL
// string from it.
$us = FetchAssoc(dbquery("SELECT * FROM `users` WHERE `id` = ?", [$id]));
$perms = dbquery("SELECT * FROM `admin_perms` ORDER BY `id`");
$us_ban = FetchAssoc(dbquery("SELECT * FROM `users_banned` WHERE `us` = ?", [$id]));

if ($us_ban) {
    // hours == -1 marks a ban without an end date ('Никогда' = "never");
    // otherwise the end is the ban timestamp plus the duration in seconds.
    $end_ban = ($us_ban['hours'] == -1)
        ? 'Никогда'
        : vremja($us_ban['time_ban'] + ($us_ban['hours'] * 3600));
    // Fall back to 'Не указана' ("not specified") when no reason was stored.
    $reason_ban = $us_ban['reas'] ?: 'Не указана';
}

// No such user: answer with the site's 404 page and stop before any of the
// POST handlers below can act on a non-existent account.
if (empty($us['id'])) {
    header("HTTP/1.0 404 Not Found");
    include $_SERVER['DOCUMENT_ROOT'] . '/pages/err_pages/404.php';
    exit;
}
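// Handler for the main edit form (submit button name="set"): updates login,
// description, name, e-mail and group of the account identified by $id.
if (isset($_POST['set'])) {
    // Reject forged cross-site submissions before any data is read or written.
    check_csrf();

    // Missing fields default to '' / 0 instead of raising undefined-index
    // warnings on a hand-crafted request.
    // NOTE(review): chars() is defined outside this file; what it strips or
    // encodes is not visible here -- confirm it is the intended input filter.
    $us_login = chars($_POST['us_login'] ?? '');
    $us_name = chars($_POST['us_name'] ?? '');
    $us_desc = chars($_POST['us_desc'] ?? '');
    $us_email = chars($_POST['us_email'] ?? '');
    $permission = intval($_POST['perms'] ?? 0);

    // The group id is client-controlled: the <select> only limits what a
    // browser offers, not what a request can carry. Accept it only when it
    // names an existing row of `admin_perms`, the table the form is built from.
    // NOTE(review): nothing on this page restricts WHICH existing group an
    // editor may assign (including to their own account). If groups are
    // ranked, enforce that rule here and record the change in an audit log.
    $group = FetchAssoc(dbquery("SELECT `id` FROM `admin_perms` WHERE `id` = ?", [$permission]));

    if (empty($group['id'])) {
        showAlert('Ошибка', 'fail', 'Выбранная группа не существует!');
    } else {
        dbquery("UPDATE `users` SET `login` = ?, `description` = ?, `name` = ?, `email` = ?, `level_us` = ? WHERE `id` = ?", [$us_login, $us_desc, $us_name, $us_email, $permission, $id]);
        showAlert('Успешно', 'success', 'Изменения сохранены');
    }

    // No exit follows, as in the original flow; whether ReloadPage() ends the
    // request itself is not visible in this file.
    ReloadPage();
}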
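// Handler for the "ban" modal (submit button name="ban"): inserts a row into
// `users_banned` for the account identified by $id.
if (isset($_POST['ban'])) {
    // Validate the CSRF token first, for every outcome of this handler, the
    // same way the other POST handlers on this page do.
    check_csrf();

    // Durations (in hours) offered by the ban form's <select>; -1 is the
    // permanent ban. Anything else can only come from a hand-crafted request
    // (0, negative or oversized values would produce a ban that ends
    // immediately or an end date that cannot be computed sensibly).
    $allowed_hours = [24, 72, 168, 720, 2160, 4320, 8640, -1];
    $ban_time = intval($_POST['time-ban'] ?? 0);

    if (!$user || $user['id'] == $id) {
        // Same branch as before: no current user, or the target is the
        // acting account itself.
        showAlert('Ошибка', 'fail', 'Нельзя блокировать самого себя!');
    } elseif (!in_array($ban_time, $allowed_hours, true)) {
        showAlert('Ошибка', 'fail', 'Недопустимый срок блокировки!');
    } else {
        // NOTE(review): chars() is defined outside this file; its filtering
        // is not visible here.
        $ban_reas = chars($_POST['reason'] ?? '');
        // The target's stored fingerprint is saved with the ban row, and the
        // ban start is the current server time.
        dbquery("INSERT INTO `users_banned` SET `us` = ?, `reas` = ?, `hours` = ?, `fp` = ?, `time_ban` = ?", [$id, $ban_reas, $ban_time, $us['fingerprint'], time()]);
        showAlert('Успешно', 'success', 'Пользователь заблокирован!');
    }

    ReloadPage();
}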
// Handler for the "unban" modal (submit button name="delban").
if (isset($_POST['delban'])) {
    // State-changing request: the CSRF token is checked before the delete.
    check_csrf();

    // Removes every ban row recorded for this account; $id is bound as a
    // parameter, not concatenated into the statement.
    dbquery(
        "DELETE FROM `users_banned` WHERE `us` = ?",
        [$id]
    );

    showAlert('Успешно', 'success', 'Пользователь разблокирован!');
    ReloadPage();
}
// Page wrapper, then the breadcrumb trail in two forms: visible HTML and a
// JSON-LD block for crawlers.
echo '<div class="home_us tematic">';

$breadcrumbs = generateBreadcrumbs([
    ['/', 'Главная'],
    ['/admin', 'Админ панель'],
    ['/admin/users', 'Пользователи'],
    // $id is already an integer here, so the label carries no raw user input.
    ['#', 'Редактирование пользователя № ' . $id],
]);

$html = $breadcrumbs['html'];
$json_ld = $breadcrumbs['json_ld'];

// NOTE(review): both values are printed as returned by generateBreadcrumbs();
// the helper is defined elsewhere, so its encoding of the labels (including
// "</script>" inside the JSON-LD) is assumed, not verified here.
echo $html, '<script type="application/ld+json">', $json_ld, '</script>';
// Exactly one modal is rendered, depending on whether a ban row exists for
// the account: "unban" when it does, "ban" otherwise. Both forms post back to
// this page and carry the session's CSRF token as a hidden field.
if ($us_ban && !empty($us_ban['id'])) {
    // Unban confirmation. nick() is defined elsewhere and its output is
    // printed as-is -- presumably it returns ready-made markup; confirm that
    // it encodes the login itself.
    echo '<div class="modal fade" id="del-ban" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true">
<form method="post">
<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">Разблокировка пользователя</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"><i class = "fas fa-xmark"></i></button>
</div>
<div class="modal-body">
<span>Вы уверены что хотите разблокировать пользователя ' . nick($us['id']) . '?</span><br>
</div>
<div class="modal-footer">
<input class="button" type="submit" name="delban" style="float: right; margin-left: 5px;" value="Разблокировать">
</div>
</div>
</div>
</form>
</div>';
} else {
    // Ban form: free-text reason plus a duration in hours (-1 = permanent).
    // The option list only limits what a browser offers; the values arrive
    // as ordinary POST fields.
    echo '<div class="modal fade" id="add-ban" tabindex="-1" aria-labelledby="exampleModalLabel" aria-hidden="true">
<form method="post">
<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">Блокировка пользователя</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"><i class = "fas fa-xmark"></i></button>
</div>
<div class="modal-body">
<span>Введите причину блокировки:</span><br>
</div>
<div class="modal-footer">
<textarea name="reason" id="modal-number-input" placeholder="Причина..." required></textarea>
<select name="time-ban">
<option value="24">24 часа</option>
<option value="72">3 дня</option>
<option value="168">7 дней</option>
<option value="720">1 месяц</option>
<option value="2160">3 месяца</option>
<option value="4320">6 месяцев</option>
<option value="8640">1 год</option>
<option value="-1">Навсегда</option>
</select>
<input class="button" type="submit" name="ban" style="float: right; margin-left: 5px;" value="Заблокировать">
</div>
</div>
</div>
</form>
</div>';
}
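// Page heading, admin sidebar, and -- when the account is banned -- a summary
// box with reason, start and end of the ban.
echo '<div class="head_box section-header">
<div class="box_title">Редактирование пользователя № ' . $id . '</div>
</div>';
echo '<div class="side_in_count">';
include $_SERVER['DOCUMENT_ROOT'] . '/core/elements/sidebars/panel.php';
echo '<div class="page_dbox">';
if ($us_ban && $us_ban['us'] == $id) {
    // The ban reason is free text that came from a form and is read back from
    // the database; encode it at the point of output so stored markup cannot
    // run in the administrator's browser. double_encode is off so text that
    // was already stored as entities is not encoded a second time
    // (chars() may do that on input -- not visible in this file).
    $reason_html = htmlspecialchars((string) $reason_ban, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    // $end_ban and the ban date come from vremja() or a fixed literal and are
    // printed unchanged.
    echo '<div class="info-head_box">
<div class="title_head_box">Пользователь заблокирован</div>
<div class="flex_head-info"><div class="title_flex-info">Причина блокировки:</div><div class="info_flex-info">' . $reason_html . '</div></div>
<div class="flex_head-info"><div class="title_flex-info">Дата блокировки:</div><div class="info_flex-info">' . vremja($us_ban['time_ban']) . '</div></div>
<div class="flex_head-info"><div class="title_flex-info">Конец блокировки:</div><div class="info_flex-info">' . $end_ban . '</div></div>
</div>';
}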
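// Main edit form: login, name, description, e-mail and group of the account,
// followed by the button that opens the ban or unban modal.
//
// Every value read from the database is HTML-encoded where it is printed.
// These fields hold user-supplied text, and printing them raw into attribute
// values or a <textarea> would let stored markup break out of the field and
// run in the administrator's session. double_encode is off so values already
// stored as entities are not encoded twice (chars() may encode on input --
// not visible in this file).
$esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;
$csrf_html = htmlspecialchars((string) ($_SESSION['csrf_token'] ?? ''), $esc_flags, 'UTF-8', false);
$login_html = htmlspecialchars((string) ($us['login'] ?? ''), $esc_flags, 'UTF-8', false);
$name_html = htmlspecialchars((string) ($us['name'] ?? ''), $esc_flags, 'UTF-8', false);
$desc_html = htmlspecialchars((string) ($us['description'] ?? ''), $esc_flags, 'UTF-8', false);
$email_html = htmlspecialchars((string) ($us['email'] ?? ''), $esc_flags, 'UTF-8', false);

echo '<div class="box-back-pan">
<form action="" method="post">
<div class="punct_settings">
<div class="label-punct">Логин</div>
<input type="hidden" name="csrf_token" value="' . $csrf_html . '">
<input type="text" name="us_login" value="' . $login_html . '" placeholder="Логин" required />
</div>
<div class="punct_settings">
<div class="label-punct">Имя</div>
<input type="text" name="us_name" value="' . $name_html . '" placeholder="Имя" required/>
</div>
<div class="punct_settings">
<div class="label-punct">О себе</div>
<textarea name="us_desc" placeholder="Описание" required>' . $desc_html . '</textarea>
</div>
<div class="punct_settings">
<div class="label-punct">email</div>
<input type="text" name="us_email" value="' . $email_html . '" placeholder="Эл.Почта" required/>
</div>
<div class="punct_settings">
<div class="label-punct">Группа</div>
<select name="perms">';
// One <option> per row of `admin_perms`; the account's current group is
// preselected. Group names are encoded like the other database values.
while ($p = FetchAssoc($perms)) {
    $selected = ($p['id'] == $us['level_us']) ? 'selected' : '';
    $perm_id_html = htmlspecialchars((string) $p['id'], $esc_flags, 'UTF-8', false);
    $perm_name_html = htmlspecialchars((string) ($p['name_perm'] ?? ''), $esc_flags, 'UTF-8', false);
    echo '<option value="' . $perm_id_html . '" ' . $selected . '>' . $perm_name_html . '</option>';
}
echo '</select>
</div>
<div class="punct_settings bot">
<div class="label-punct"></div>
<input type="submit" name="set" value="Сохранить" />';
// The second button only opens a modal; the ban/unban itself is a separate
// POST form with its own CSRF token.
if (empty($us_ban['id'])) {
    echo '<a class="btn button set-success" data-bs-toggle="modal" data-bs-target="#add-ban">Заблокировать</a>';
} else {
    echo '<a class="btn button set-success" data-bs-toggle="modal" data-bs-target="#del-ban">Разблокировать</a>';
}
echo '</div>
</form>
</div>
</div>';
echo '</div>';
echo '</div>';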
// Take everything echoed so far out of the output buffer and hand it to the
// site layout as $page_html.
// NOTE(review): the buffer is not opened in this file; presumably core.php
// starts it -- confirm.
$page_html = ob_get_clean();

require_once $_SERVER['DOCUMENT_ROOT'] . '/layout.php';