Файл: admin/admins_edit.php
Строк: 84
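<?php
/**
 * Admin panel: edit an existing administrator account.
 *
 * Flow:
 *   1. Load configuration and helpers, then call verify_login_admin().
 *   2. When the form was POSTed (submitform == "1") and ADMINID > 0, validate
 *      the username and e-mail, check that neither is used by another
 *      administrator, and update the row (password only when one was entered).
 *   3. Reload the administrator row and render the edit templates.
 *
 * NOTE(review), security points this file does not settle on its own:
 *   - No anti-CSRF token is checked here before the UPDATE. Unless
 *     verify_login_admin() or config.php does so, add a per-session token to
 *     the form and verify it before changing any account.
 *   - No check is visible that restricts which administrator the logged-in
 *     admin may edit; confirm that any admin editing any other is intended.
 *   - Passwords are stored as unsalted MD5. Moving to password_hash() /
 *     password_verify() has to be done together with the login code, so the
 *     storage format is left unchanged here.
 *   - mysql_real_escape_string() belongs to ext/mysql (removed in PHP 7.0) and
 *     is only safe with the connection charset set correctly; prefer bound
 *     parameters if $conn supports them.
 *   - Form values are read from $_REQUEST, so they can also arrive through the
 *     query string (and cookies, depending on request_order).
 */
include("../include/config.php");
include_once("../include/functions/import.php");

// Defined outside this file; presumably stops the request for visitors that
// are not logged in as an administrator - confirm it exits rather than returns.
verify_login_admin();

// Initialised up front so the template never receives an undefined variable.
$error = "";

// Quoted key: the bare word ADMINID was an undefined constant (a notice on
// PHP 5/7, a fatal Error on PHP 8).
$ADMINID = isset($_REQUEST['ADMINID']) ? intval($_REQUEST['ADMINID']) : 0;

$formSubmitted = isset($_POST['submitform']) && $_POST['submitform'] == "1";

if ($formSubmitted)
{
    // Missing or non-string (array) inputs are treated as empty strings.
    $rawUsername = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : "";
    $rawPassword = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : "";
    $rawEmail    = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : "";

    // Values are stored HTML-encoded, exactly as before. ENT_COMPAT leaves
    // single quotes unencoded, so templates must not place these values inside
    // single-quoted HTML attributes.
    $username = htmlentities(strip_tags($rawUsername), ENT_COMPAT, "UTF-8");
    // NOTE(review): the password is transformed before hashing, so the stored
    // hash is of the transformed string. The login code must apply the same
    // steps; kept unchanged so that existing passwords keep working.
    $password = htmlentities(strip_tags($rawPassword), ENT_COMPAT, "UTF-8");
    $email = htmlentities(strip_tags($rawEmail), ENT_COMPAT, "UTF-8");

    if ($ADMINID > 0)
    {
        if ($username == "")
        {
            $error = "Error: Please enter a username.";
        }
        elseif ($email == "")
        {
            $error = "Error: Please enter a e-mail address.";
        }
        else
        {
            $safeId = mysql_real_escape_string($ADMINID);
            $safeUsername = mysql_real_escape_string($username);
            $safeEmail = mysql_real_escape_string($email);

            // Is the username already used by a different administrator?
            $sql = "select count(*) as total from administrators WHERE username='".$safeUsername."' AND ADMINID!='".$safeId."'";
            $executequery = $conn->Execute($sql);
            $tadmins = $executequery->fields['total'];
            if ($tadmins == "0")
            {
                // Is the e-mail already used by a different administrator?
                $sql = "select count(*) as total from administrators WHERE email='".$safeEmail."' AND ADMINID!='".$safeId."'";
                $executequery = $conn->Execute($sql);
                $tadmins = $executequery->fields['total'];
                if ($tadmins == "0")
                {
                    // The password column is only touched when a new password
                    // was entered; an empty field keeps the current one.
                    $addtosql = "";
                    if ($password != "")
                    {
                        // escape() is defined outside this file.
                        $newpassword = escape($password);
                        // NOTE(review): unsalted MD5 - see the file header.
                        $newpassword = md5($newpassword);
                        $addtosql = ", password = '".mysql_real_escape_string($newpassword)."'";
                    }
                    $sql = "UPDATE administrators set username='".$safeUsername."', email='".$safeEmail."' $addtosql WHERE ADMINID='".$safeId."'";
                    $conn->execute($sql);
                    $message = "Administrator Successfully Edited.";
                    Stemplate::assign('message',$message);

                    // Editing one's own account: refresh the session copy so
                    // the current login stays consistent with the database.
                    if (isset($_SESSION['ADMINID']) && $_SESSION['ADMINID'] == $ADMINID)
                    {
                        $_SESSION['ADMINUSERNAME'] = $username;
                        if ($password != "")
                        {
                            // NOTE(review): this keeps a password-equivalent
                            // hash in the session; presumably the login check
                            // compares it on each request - confirm, and prefer
                            // storing only the admin id.
                            $_SESSION['ADMINPASSWORD'] = $newpassword;
                        }
                    }
                }
                else
                {
                    $error = "Error: The e-mail address $email is already taken.";
                }
            }
            else
            {
                $error = "Error: The username $username is already taken.";
            }
        }
    }
}

// Load the (possibly just updated) row for the form.
if ($ADMINID > 0)
{
    $query = $conn->execute("select * from administrators where ADMINID='".mysql_real_escape_string($ADMINID)."' limit 1");
    $admin = $query->getrows();
    // NOTE(review): select * also hands the password hash to the template;
    // make sure admins_edit.tpl never prints it.
    // An unknown ADMINID yields no rows, so fall back to null instead of
    // reading a missing index.
    Stemplate::assign('admin', isset($admin[0]) ? $admin[0] : null);
}

$mainmenu = "12";
$submenu = "1";
Stemplate::assign('error',$error);
Stemplate::assign('mainmenu',$mainmenu);
Stemplate::assign('submenu',$submenu);
STemplate::display("administrator/global_header.tpl");
STemplate::display("administrator/admins_edit.tpl");
STemplate::display("administrator/global_footer.tpl");
?>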