Файл: modules/users/admin_init.php
Строк: 133
<?php

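/*
 * Admin-side action handler of the users module.
 *
 * Runs only when the logged-in account ($Siteman->userinfo["level"]) is at
 * least level 4, then dispatches on $mdo:
 *   saveaccount  - validate the posted form and update account $_GET["uid"],
 *                  then fall through to the "edituser" view
 *   edituser     - extend the navigation trail only
 *   validate     - raise an account whose level is <= 1 to level 2
 *   banuser      - set the account's level to 0
 *   deluser      - extend the navigation trail only
 *   confdeluser  - delete the account once $_POST["confirm"] is "Yes"
 *
 * Reads:  $Siteman, $db, $mdo, $_GET["uid"], $_POST[...]
 * Writes: $mdo, $nav_links, $msgs (HTML fragments) and the working variables
 *         $targetUid, $olddata, $newvalues, $taken, $user in the including scope.
 *
 * NOTE(review): the listing this was taken from had lost a few `=` / `0`
 * tokens and backslashes; they are restored here from the intact statements
 * around them. Compare against the project's own copy of the file.
 *
 * Security notes for maintainers:
 *  - No anti-CSRF token is checked anywhere in this block, and "validate" /
 *    "banuser" change state from a query-string parameter alone. If the
 *    including script does not verify a token, add one and move these
 *    actions to POST.
 *  - Passwords and secret answers are stored as unsalted md5(). Moving to
 *    password_hash()/password_verify() has to be done together with the
 *    login code, which is not part of this file.
 *  - Username and e-mail values are still concatenated into $db condition
 *    strings; whether $db quotes or escapes them is not visible here.
 */
if ($Siteman->userinfo["level"] >= 4) {
    // The target account id comes from the query string. Force it to an
    // integer (0 for a missing or non-scalar value) so it can never add
    // extra terms to the condition strings built below.
    $targetUid = (isset($_GET["uid"]) && is_scalar($_GET["uid"])) ? (int) $_GET["uid"] : 0;

    switch ($mdo) {

    case "saveaccount":
        $olddata = $db->select(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid)));
        if (isset($olddata[0]["username"]) && strlen($olddata[0]["username"]) > 0) {
            // Only accounts ranked strictly below the editor may be edited.
            if ($Siteman->userinfo["level"] > $olddata[0]["level"]) {
                if (strlen($_POST["uname"]) > 0 && strlen($_POST["email"]) > 0 && strlen($_POST["squest"]) > 0) {
                    $newvalues = array();
                    $msgs = "";

                    if ($_POST["uname"] != $olddata[0]["username"]) {
                        // Reject < > ' " and backslash in usernames.
                        if (strpbrk($_POST["uname"], "<>'\"\\") === false) {
                            // NOTE(review): the name is placed unquoted in the condition string;
                            // confirm how $db->select() parses values containing spaces or operators.
                            $taken = $db->select(array("table" => "users", "db" => "siteman", "where" => array("strLower(username) = " . strtolower($_POST["uname"]))));
                            if (isset($taken[0]["username"]) && strlen($taken[0]["username"]) > 0
                                && strtolower($taken[0]["username"]) != strtolower($olddata[0]["username"])) {
                                $msgs .= "Username is taken by another user, and was not changed.<br />";
                            }
                            else {
                                // Either the name is free, or the match is this same account
                                // (a change of letter case only).
                                $newvalues["username"] = stripslashes($_POST["uname"]);
                            }
                        }
                        else {
                            $msgs .= "Username cannot contain &lt; &gt' \" \\ <br />";
                        }
                    }

                    if (strlen($_POST["pass"]) > 0) {
                        if ($_POST["pass"] == $_POST["rpassword"]) {
                            // NOTE(review): unsalted md5 is kept only because the login check
                            // elsewhere must use the same scheme; see the header comment.
                            $newvalues["password"] = md5(stripslashes($_POST["pass"]));
                            // The new password is echoed back into the page, so it must be
                            // HTML-escaped; otherwise a posted value containing markup would be
                            // rendered in the administrator's session.
                            // NOTE(review): consider not displaying the password at all.
                            $msgs .= "Password changed to <select><option>Click to show...</option><option>" . htmlspecialchars(stripslashes($_POST["pass"]), ENT_QUOTES) . "</option></select><br />";
                        }
                        else {
                            $msgs .= "Passwords entered did not match, and the password was not changed.<br />";
                        }
                    }

                    // Accept exactly "2", "3" or "4". A loose == comparison would also let
                    // values such as "2abc" through and store them unchanged.
                    // NOTE(review): the new level is not compared with the editor's own level;
                    // confirm that a level-4 editor granting level 4 is intended.
                    if (isset($_POST["level"]) && in_array($_POST["level"], array("2", "3", "4"), true)) {
                        $newvalues["level"] = $_POST["level"];
                    }

                    if (strtolower($_POST["email"]) != $olddata[0]["email"]) {
                        // NOTE(review): the address is neither format-checked nor quoted before it
                        // is placed in the condition string; validate it before this lookup.
                        $taken = $db->select(array("table" => "users", "db" => "siteman", "where" => array("email = " . strtolower($_POST["email"]))));
                        if (isset($taken[0]["username"]) && strlen($taken[0]["username"]) > 0) {
                            $msgs .= "Another user is registered with that email adress. Email not changed.<br />";
                        }
                        else {
                            $newvalues["email"] = strtolower($_POST["email"]);
                        }
                    }

                    if (stripslashes($_POST["fsign"]) != $olddata[0]["forum_signature"]) {
                        $newvalues["forum_signature"] = stripslashes($_POST["fsign"]);
                    }

                    if (stripslashes($_POST["squest"]) != $olddata[0]["squest"]) {
                        $newvalues["squest"] = stripslashes($_POST["squest"]);
                    }

                    if (strlen($_POST["sans"]) > 0) {
                        if ($_POST["sans"] == $_POST["repsans"]) {
                            // Same hashing and echo concerns as for the password above.
                            $newvalues["sanswer"] = md5(stripslashes($_POST["sans"]));
                            $msgs .= "Answer to secret question is now <select><option>Click to show...</option><option>" . htmlspecialchars(stripslashes($_POST["sans"]), ENT_QUOTES) . "</option></select><br />";
                        }
                        else {
                            $msgs .= "Answers to secret questions entered didn't match, and was not changed.";
                        }
                    }

                    // Write only when at least one field actually changed.
                    if (count($newvalues) > 0) {
                        $db->update(array("table" => "users", "db" => "siteman", "where" => array("id = " . (int) $olddata[0]["id"]), "values" => $newvalues));
                    }
                }
            }
        }
        // Whatever the outcome, continue as the "edituser" view.
        $mdo = "edituser";
        $nav_links .= "<b> >> Edit Account</b>";
        break;

    case "edituser":
        $nav_links .= "<b> >> Edit Account</b>";
        break;

    case "validate":
        $user = $db->select(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid)));
        // Only an existing account whose level is still <= 1 is raised to level 2.
        if (isset($user[0]["username"]) && strlen($user[0]["username"]) > 0 && $user[0]["level"] <= 1) {
            $db->update(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid), "values" => array("level" => 2)));
        }
        break;

    case "banuser":
        $user = $db->select(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid)));
        // The target must exist, rank strictly below the editor, and not be account id 1.
        if (isset($user[0]["id"]) && $Siteman->userinfo["level"] > $user[0]["level"] && $user[0]["id"] != 1) {
            $db->update(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid), "values" => array("level" => 0)));
        }
        break;

    case "deluser":
        $nav_links .= "<b> >> Delete User</b>";
        break;

    case "confdeluser":
        $user = $db->select(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid)));
        // Same rank and id-1 rules as "banuser", plus the explicit "Yes" from the confirmation form.
        if (isset($user[0]["id"]) && $Siteman->userinfo["level"] > $user[0]["level"] && $user[0]["id"] != 1
            && isset($_POST["confirm"]) && $_POST["confirm"] === "Yes") {
            $db->delete(array("table" => "users", "db" => "siteman", "where" => array("id = " . $targetUid)));
        }
        break;

    }

}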

?>