Файл: modules/users/admin_init.php
Строк: 133
<?php
if ($Siteman->userinfo["level"] >= 4) {
switch ($mdo) {
case "saveaccount":
$olddata = $db->select(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"])));
if (strlen($olddata[0]["username"]) > 0) {
if ($Siteman->userinfo["level"] > $olddata[0]["level"]) {
if (strlen($_POST["uname"]) > 0 && strlen($_POST["email"]) > 0 && strlen($_POST["squest"]) > 0) {
$newvalues = array();
$msgs = "";
if ($_POST["uname"] != $olddata[0]["username"]) {
if (substr_count($_POST["uname"],"<") == 0 && substr_count($_POST["uname"],">") == 0 && substr_count($_POST["uname"],"'") == 0 && substr_count($_POST["uname"],'"') == 0 && substr_count($_POST["uname"],stripslashes("\")) == 0) {
$taken = $db->select(array("table" => "users","db" => "siteman","where" => array("strLower(username) = ".strtolower($_POST["uname"]))));
if (strlen($taken[0]["username"]) > 0 && strtolower($taken[0]["username"]) == strtolower($olddata[0]["username"])) {
$newvalues["username"] = stripslashes($_POST["uname"]);
}
else if (strlen($taken[0]["username"]) > 0) {
$msgs .= "Username is taken by another user, and was not changed.<br />";
}
else {
$newvalues["username"] = stripslashes($_POST["uname"]);
}
}
else {
$msgs .= "Username cannot contain < > ' " \ <br />";
}
}
if (strlen($_POST["pass"]) > 0) {
if ($_POST["pass"] == $_POST["rpassword"]) {
$newvalues["password"] = md5(stripslashes($_POST["pass"]));
$msgs .= "Password changed to <select><option>Click to show...</option><option>".stripslashes($_POST["pass"])."</option></select><br />";
}
else {
$msgs .= "Passwords entered did not match, and the password was not changed.<br />";
}
}
if ($_POST["level"] == 2 || $_POST["level"] == 3 || $_POST["level"] == 4) {
$newvalues["level"] = $_POST["level"];
}
if (strtolower($_POST["email"]) != $olddata[0]["email"]) {
$taken = $db->select(array("table" => "users","db" => "siteman","where" => array("email = ".strtolower($_POST["email"]))));
if (strlen($taken[0]["username"]) > 0) {
$msgs .= "Another user is registered with that email adress. Email not changed.<br />";
}
else {
$newvalues["email"] = strtolower($_POST["email"]);
}
}
if (stripslashes($_POST["fsign"]) != $olddata[0]["forum_signature"]) {
$newvalues["forum_signature"] = stripslashes($_POST["fsign"]);
}
if (stripslashes($_POST["squest"]) != $olddata[0]["squest"]) {
$newvalues["squest"] = stripslashes($_POST["squest"]);
}
if (strlen($_POST["sans"]) > 0) {
if ($_POST["sans"] == $_POST["repsans"]) {
$newvalues["sanswer"] = md5(stripslashes($_POST["sans"]));
$msgs .= "Answer to secret question is now <select><option>Click to show...</option><option>".stripslashes($_POST["sans"])."</option></select><br />";
}
else {
$msgs .= "Answers to secret questions entered didn't match, and was not changed.";
}
}
if (count($newvalues) > 0) {
$db->update(array("table" => "users","db" => "siteman","where" => array("id = ".$olddata[0]["id"]),"values" => $newvalues));
}
}
}
}
$mdo = "edituser";
$nav_links .= "<b> >> Edit Account</b>";
break 1;
case "edituser":
$nav_links .= "<b> >> Edit Account</b>";
break 1;
case "validate":
$user = $db->select(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"])));
if (strlen($user[0]["username"]) > 0) {
if ($user[0]["level"] <= 1) {
$db->update(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"]),"values" => array("level" => 2)));
}
}
break 1;
case "banuser":
$user = $db->select(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"])));
if ($Siteman->userinfo["level"] > $user[0]["level"] && $user[0]["id"] != 1) {
$db->update(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"]),"values" => array("level" => 0)));
}
break 1;
case "deluser":
$nav_links .= "<b> >> Delete User</b>";
break 1;
case "confdeluser":
$user = $db->select(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"])));
if ($Siteman->userinfo["level"] > $user[0]["level"] && $user[0]["id"] != 1 && $_POST["confirm"] == "Yes") {
$db->delete(array("table" => "users","db" => "siteman","where" => array("id = ".$_GET["uid"])));
}
break 1;
}
}
?>