thunder_sti Posted August 22, 2008 Share Posted August 22, 2008 Hey, wassup fellas !! Im trying to install the review post pro php. Everything looks good. But: The issue is admin php isnt verifying vbulletin usergroup permission. You can login to page fine just admin rights are not recognized. What can I do or where ??? Thanks Admin usergroup: <?php //////////////////////////// COPYRIGHT NOTICE ////////////////////////////// // This script is part of ReviewPost PHP, a software application by // // All Enthusiast, Inc. Use of any kind of part or all of this // // script or modification of this script requires a license from All // // Enthusiast, Inc. Use or modification of this script without a license // // constitutes Software Piracy and will result in legal action from All // // Enthusiast, Inc. All rights reserved. // // http://www.reviewpost.com // // Contributing Developer: Michael Pierce (mpdev.net) // // // // ReviewPost Copyright 2004, All Enthusiast, Inc. // //////////////////////////////////////////////////////////////////////////// require "adm-inc.php"; if ( $User['adminedit'] != 1 ) { diewell( "You are not a valid administrator!" ); exit; } if ($ppaction == "usergroups") { if ($do == "add") { $query = "INSERT INTO {$Globals['rp_db_prefix']}usergroups (groupid,groupname,uploads,reviews) values(NULL,'Default','0','0')"; $resulta = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups"); exit; } if ($do == "delete") { $usergroupid=$groupid; if ($Globals['vbversion'] == "reviewpost") { if ($usergroupid < 6) { diewell("You can't delete this usergroup."); } } else { if ($usergroupid < 5) { diewell("You can't delete this usergroup."); } } if (empty($okay)) $okay="no"; if ($okay != "yes") { adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Add a Category</b></span> </span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <span class=\"{$Style['medium']}\">You are about to delete the <b>\"$usergroup\"</b> usergroup.<br /><br />Please note that if you have any users that are set to this usergroup, you should change those users to a different group BEFORE you delete this one or they will be unable to login to upload products or post reviews.<br /><br /> <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\"> <input type=\"hidden\" name=\"groupid\" value=\"$usergroupid\"> <input type=\"hidden\" name=\"do\" value=\"delete\"> <input type=\"hidden\" name=\"okay\" value=\"yes\"> <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\"> <input type=\"submit\" value=\"Go ahead and delete this usergroup.\"> </form></td></tr></table></td></tr></table>"; print $output; exit; } else { $query = "DELETE FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid"; $resulta = ppmysql_query($query,$link); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Deleted Usergroup: $usergroupid"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" ); exit; } } if ($do == "refresh-vb") { if ( empty($okay) ) $okay="no"; if ($okay != "yes") { adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Refresh Usergroups</b></span> </span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <span class=\"{$Style['medium']}\">You are about to refresh your forum usergroups. tdis is necessary whenever you add or delete usergroups within your forum software.<br /><br />After you refresh, <b>please double-check your ReviewPost usergroup settings</b> to ensure that they are correct!<br /><br /> <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\"> <input type=\"hidden\" name=\"do\" value=\"refresh-vb\"> <input type=\"hidden\" name=\"okay\" value=\"yes\"> <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\"> <input type=\"submit\" value=\"Go ahead and refresh usergroups.\"></form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); exit; } else { import_user_groups(); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Refreshed Usergroups"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!"); exit; } } if ($do == "process") { //# Save input usergroups form to DB $admincheck=0; foreach($HTTP_POST_VARS as $id=>$setting) { //$setting=~ s/\\+$//g; //$setting=~ s/\/+$//g; $name = explode("-", $id); $dbid = $name[1]; if ($name[0] == "cpaccess") { if ($setting == 1) { $admincheck = 1; } } } if ($admincheck == 0) { diewell("At least one usergroup must have Admin Access."); exit; } foreach($HTTP_POST_VARS as $id=>$setting) { $name = explode("-", $id); $dbid = $name[1]; if ($dbid != "") { $setting = addslashes( $setting ); $query = "UPDATE {$Globals['rp_db_prefix']}usergroups SET ".$name[0]."='$setting' WHERE groupid=$dbid"; //print "$query<br />"; $resulta = ppmysql_query($query,$link); } } $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Modified Usergroups"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" ); exit; } adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>Reviewpost UserGroup Editor</b></span></td></tr> <form method=\"POST\" action=\"{$Globals['maindir']}/adm-userg.php\"> <tr><td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"> <tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <tr><td class=\"{$Style['menubar']}\">Usergroup name</td> <td class=\"{$Style['menubar']}\">Admin Access?</span></td> <td class=\"{$Style['menubar']}\">Mod Access?</span></td> <td class=\"{$Style['menubar']}\">Allow Uploads?</span></td> <td class=\"{$Style['menubar']}\">Allow Reviews?</span></td> <td class=\"{$Style['menubar']}\">Allow edit own Products?</span></td> <td class=\"{$Style['menubar']}\">Allow edit own Reviews?</span></td></tr>"; $query = "SELECT groupid,groupname,cpaccess,modaccess,uploads,reviews,editpho,editposts FROM {$Globals['rp_db_prefix']}usergroups ORDER BY groupid"; $resulta = ppmysql_query($query,$link); while ( list($uggroupid,$uggroupname,$ugcpaccess,$ugmodaccess,$uguploads,$ugreviews,$editpho,$editposts) = mysql_fetch_row($resulta) ) { if ($ugcpaccess == "1") $cpaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $cpaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($ugmodaccess == "1") $modaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $modaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($editpho == "1") $editpho_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $editpho_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($editposts == "1") $editposts_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $editposts_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($uguploads == "1") $uploads_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $uploads_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($ugreviews == "1") $reviews_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $reviews_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($Globals['vbversion'] == "reviewpost" ) { $addhtml = "<b>(<a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=add\">Add a New Usergroup</a>)</b></span>"; } else { $addhtml = "<span class=\"{$Style['medium']}\"><b>(<a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=refresh-vb\">Refresh usergroups from your forum software?</a>)</b></span>"; } $output .= "<tr><td class=\"{$Style['tddetails']}\"><div align=\"center\"> <input type=\"text\" size=\"25\" maxlength=\"25\" value=\"$uggroupname\" name=\"groupname-$uggroupid\" class=\"bginput\">"; if ($Globals['vbversion'] == "reviewpost" || $Globals['vbversion'] == "threads") { if ($uggroupid > 5) { $output .= "<br />(<span class=\"{$Style['small']}\"><a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&groupid=$uggroupid&do=delete&usergroup=$uggroupname\">delete</a>)"; } } $output .= "</td> <td class=\"tddetails\"><div align=\"center\"><select name=\"cpaccess-$uggroupid\">$cpaccess_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"modaccess-$uggroupid\">$modaccess_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"uploads-$uggroupid\">$uploads_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"reviews-$uggroupid\">$reviews_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"editpho-$uggroupid\">$editpho_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"editposts-$uggroupid\">$editposts_opts</select></td> </tr>"; } ppmysql_free_result( $resulta ); $output .= "</table></td></tr></table><p><div align=\"center\"> <input type=\"hidden\" value=\"usergroups\" name=\"ppaction\"> <input type=\"hidden\" value=\"process\" name=\"do\"> $addhtml<p> <input value=\"Save Changes\" type=\"submit\"> </td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); exit; } diewell("Usergroups called improperly!"); ?> Unless, Im doing something wrong durin g the installation..... Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/ Share on other sites More sharing options...
thunder_sti Posted August 22, 2008 Author Share Posted August 22, 2008 Admin user <?php //////////////////////////// COPYRIGHT NOTICE ////////////////////////////// // This script is part of ReviewPost PHP, a software application by // // All Enthusiast, Inc. Use of any kind of part or all of this // // script or modification of this script requires a license from All // // Enthusiast, Inc. Use or modification of this script without a license // // constitutes Software Piracy and will result in legal action from All // // Enthusiast, Inc. All rights reserved. // // http://www.reviewpost.com // // Contributing Developer: Michael Pierce (mpdev.net) // // // // ReviewPost Copyright 2004, All Enthusiast, Inc. // //////////////////////////////////////////////////////////////////////////// require "adm-inc.php"; if ( $User['adminedit'] != 1 ) { diewell( "You are not a valid administrator!" ); exit; } if (empty($susergroupid)) $susergroupid=""; if (empty($susername)) $susername=""; if (empty($email)) $email=""; $message=""; $srch = ""; if ( $ppaction == "users" ) { if ( $do == "findusers" ) { if ( $susername != "" ) $srch .= "username LIKE '%$susername%'"; if ( $susergroupid != "" ) { if ($srch != "") $srch .= " AND "; $srch .= "usergroupid=$susergroupid"; } if ($email != "") { if ($srch != "") $srch .= " AND "; $srch .= "email LIKE '%$email%'"; } if ($srch != "") $srch = "WHERE $srch"; if ( empty($perpage) ) $perpage=50; if ( !empty($page) ) { $page = $page; $startnumb = ($page*$perpage)-$perpage+1; } else { $page = 1; $startnumb = 1; } $startnumb = $startnumb-1; $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users"; $nusers = ppmysql_query($query,$link); $rcount = mysql_num_rows($nusers); pagesystem( $rcount, "admusers" ); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</span> </span></td> </tr> <tr><td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"><tr> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Username</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Actions</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Email</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Posts</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Views</th> </tr>"; $query = "SELECT userid,username,joindate,posts,email,views FROM {$Globals['rp_db_prefix']}users $srch ORDER BY username LIMIT $startnumb,$perpage"; $fusers = ppmysql_query($query,$link); $posts = mysql_num_rows($fusers); while ( list( $euserid,$eusername,$joindate,$posts,$email,$views ) = mysql_fetch_row($fusers) ) { $output .= "<tr> <td class=\"{$Style['tddetails']}\">$eusername</span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">[ <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$euserid\">Edit User</a> ] [ <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=deluser&uid=$euserid&inusername=$eusername\">Delete User</a> ] [ <a target=\"_blank\" href=\"{$Globals['maindir']}/member.php?ppaction=rpwd&uid=$euserid&verifykey=$joindate&adminreset=1\">Reset Password</a> ]</span></td> <td class=\"{$Style['tddetails']}\">$email</span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">$posts</div></span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">$views</div></span></td> </tr>"; } ppmysql_free_result( $fusers ); $output .= "</table></td></tr><tr><td class=\"{$Style['menubar']}\" colspan=\"4\" align=\"center\">$posternav</td></tr></table></td></tr></table></td></tr></table>"; if ($rcount > 0) { print "$output<p><p>"; adminfooter(); exit; } else { $message = "No users found. Please try an alternate search, or list all users.</span><p>"; } } if ( $susergroupid != "" ) { $query="SELECT groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$susergroupid"; $resultb = ppmysql_query($query,$link); list( $usergroup ) = mysql_fetch_row($resultb); ppmysql_free_result( $resultb ); } if ($do == "findusers") { $groupopt = "<option value=\"$susergroupid\">$usergroup</option><option></option>"; } else { $groupopt = "<option></option>"; $eusername=""; } $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users"; $nusers = ppmysql_query($query,$link); $numusers = mysql_num_rows($nusers); $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups"; $groups = ppmysql_query($query,$link); while ( list( $groupid, $ugusergroup ) = mysql_fetch_row( $groups ) ) { $groupopt .= "<option value=\"$groupid\">$ugusergroup</option>"; } ppmysql_free_result( $groups ); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</b></span></td> </tr> <tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> $message<p> <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=emailusers\">Click to email all members</a> <p><a href=\"{$Globals['maindir']}/adm-users.php?ppaction=users&do=findusers\">Click to list all $numusers users</a> or use the advanced search box below.<p> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\"><tr> <td class=\"{$Style['menubar']}\" colspan=\"2\">Select users where: (leave a field blank to ignore it)</td></tr> <tr><td class=\"{$Style['tddetails']}\">Username contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\" value=\"$eusername\" name=\"susername\"></td></tr> <tr><td class=\"{$Style['tddetails']}\">and email contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\" value=\"$email\" name=\"email\"></td></tr> <tr><td class=\"{$Style['tddetails']}\">and usergroup is:</td><td class=\"{$Style['tddetails']}\"><select name=\"susergroupid\">$groupopt </select></td></tr> </table></td></tr></table><p> <input type=\"hidden\" name=\"ppaction\" value=\"users\"> <input type=\"hidden\" name=\"do\" value=\"findusers\"> <input type=\"submit\" value=\"Find users\"> </td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } if ($ppaction == "edituser") { if ($do == "process") { if ($year == "") $year="0000"; if ($month == "") $month="0"; if ($day == "") $day="0"; $birthday="$year-$month-$day"; $eusername = addslashes( $eusername ); $email = addslashes( $email ); $homepage = addslashes( $homepage ); $location = addslashes( $location ); $interests = addslashes( $interests ); $occupation = addslashes( $occupation ); $bio = addslashes( $bio ); $query = "UPDATE {$Globals['rp_db_prefix']}users SET username='$eusername',posts=$posts,usergroupid=$usergroupid,email='$email',homepage='$homepage',icq='$icq', aim='$aim',yahoo='$yahoo',birthday='$birthday',interests='$interests',occupation='$occupation',bio='$bio', location='$location' WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); // we had a change of name, need to update some stuff if ( $ousername != $eusername ) { $query = "UPDATE {$Globals['rp_db_prefix']}reviews SET username='$eusername' WHERE username='$ousername'"; $result = ppmysql_query($query,$link); $query = "UPDATE {$Globals['rp_db_prefix']}products SET user='$eusername' WHERE user='$ousername'"; $result = ppmysql_query($query,$link); } $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Edit User: $ousername"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); $redir = "{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$uid"; forward( $redir, "Processing complete!" ); exit; } if ($uid != "") { $months = array('January','February','March','April','May','June','July','August','September','October','November','December'); $query = "SELECT username,usergroupid,homepage,icq,aim,yahoo,joindate,posts,birthday,location,interests,occupation,bio,email FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid LIMIT 1"; $resulta = ppmysql_query($query,$link); list($eusername,$usergroupid,$homepage,$icq,$aim,$yahoo,$joindate,$posts,$birthday,$location,$interests,$occupation,$bio,$email) = mysql_fetch_row($resulta); ppmysql_free_result($resulta); $birth = explode( "-", $birthday ); $bmon = intval($birth[1]); $bday = intval($birth[2]); $byear = $birth[0]; if ($bmon != "") $bmonsel = "<option value=\"$bmon\">".$months[$bmon-1]."</option>"; else $bmonsel = "<option value=\"-1\"></option>"; if ($bday != "") $bdaysel = "<option value=\"$bday\">$bday</option>"; else $bdaysel = "<option value=\"-1\"></option>"; if ($byear == "") $byear = ""; if ($byear == "0000") $byear = ""; $ppdate = formatppdate( $joindate ); $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid"; $resulta = ppmysql_query($query,$link); list( $usergroupid, $groupname ) = mysql_fetch_row($resulta); ppmysql_free_result( $resulta ); $groupopt = "<option selected value=\"$usergroupid\">$groupname</option>"; $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid !='$usergroupid'"; $groups = ppmysql_query($query,$link); while ( list( $groupid, $groupname ) = mysql_fetch_row( $groups ) ) { $groupopt .= "<option value=\"$groupid\">$groupname</option>"; } if ( $groups ) ppmysql_free_result( $groups ); $months = array('January','February','March','April','May','June','July','August','September','October','November','December'); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost User</b></span> </span></td> </tr><tr> <td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"> <tr><td class=\"{$Style['tddetails']}\"> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <tr> <td align=\"left\" colspan=\"2\" class=\"{$Style['menubar']}\"><span class=\"{$Style['small']}\"><b>Edit Profile for $eusername</span> </span></td></tr> <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\"> <tr><td align=\"left\"> <span class=\"{$Style['medium']}\">Date Registered</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\">$ppdate</span></td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Username:</span></td> <td class=\"{$Style['tddetails']}\" align=\"left\"> <span class=\"{$Style['medium']}\"><input type=\"text\" name=\"eusername\" size=\"25\" maxlength=\"100\" value=\"$eusername\"> <input type=\"hidden\" name=\"ousername\" value=\"$eusername\"> </td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Usergroup</span></td> <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\"><select name=\"usergroupid\">$groupopt </select></td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Email</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\"> <input type=\"text\" name=\"email\" size=\"25\" maxlength=\"100\" value=\"$email\"></td></tr> <tr> <td align=\"left\"><span class=\"{$Style['medium']}\">Posts</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"posts\" size=\"10\" maxlength=\"25\" value=\"$posts\"></td></tr>"; if ( $Globals['getoptional'] == "yes" ) { $output .= "<tr> <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\">Birthday</span></td><td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"> <table border=\"0\" cellspacing=\"0\" cellpadding=\"2\"> <tr> <td align=\"center\"><span class=\"{$Style['small']}\">Month</span></td> <td align=\"center\"><span class=\"{$Style['small']}\">Day</span></td> <td align=\"center\"><span class=\"{$Style['small']}\">Year</span></td> </tr><tr> <td><span class=\"{$Style['small']}\" ><select name=\"month\"> $bmonsel"; for ( $m=0; $m < 12; $m++ ) { $output .= "<option value=\"".($m+1)."\">".$months[$m]."</option>\n"; } $output .= "</select></span></td> <td><span class=\"{$Style['small']}\"><select name=\"editday\"> $bdaysel"; for ( $x=1; $x < 32; $x++ ) { $output .= "<option value=\"$x\" >$x</option>\n"; } $output .= "</select></span></td> <td><span class=\"{$Style['small']}\"><input type=\"text\" name=\"year\" value=\"$byear\" size=\"{$Globals['fontlarge']}\" maxlength=\"4\"></span></td> </tr> </table> </td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"medium\">Homepage:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"homepage\" value=\"$homepage\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Biography:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"bio\" value=\"$bio\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Location:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"location\" value=\"$location\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Interests:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"interests\" value=\"$interests\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">ICQ:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"icq\" value=\"$icq\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">AIM:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"aim\" value=\"$aim\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Yahoo:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"yahoo\" value=\"$yahoo\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Occupation:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"occupation\" value=\"$occupation\" size=\"25\" maxlength=\"250\"></span></td> </tr>"; } $output .= "</table> </td></tr></table><p> <div align=\"center\"> <input type=\"hidden\" name=\"ppaction\" value=\"edituser\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"submit\" value=\"Save Changes\"> </form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } } if ($ppaction == "deluser") { if ($do == "process") { $query = "DELETE FROM {$Globals['rp_db_prefix']}reviews WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); $query = "SELECT bigimage,cat FROM {$Globals['rp_db_prefix']}products WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); while ( list( $filename, $thecat ) = mysql_fetch_row($resulta) ) { remove_all_files( $filename, $uid, $thecat ); } if ( $resulta ) ppmysql_free_result( $resulta ); //# end delete the files //# $query = "DELETE FROM {$Globals['rp_db_prefix']}products WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); $query = "DELETE FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); $query = "SELECT username FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); list( $username ) = mysql_fetch_row($resulta); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Delete User: $username"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users"; forward( $forwardid, "Finished processing user request!" ); exit; } //# Generate an 'are you sure' you want to delete? form... adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Remove User</b></span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> You're about to delete user \"$inusername\", and <b>ALL PRODUCTS/POSTS THAT HE/SHE HAS SUBMITTED</B>.<p> Are you sure you want to do that? <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\"> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"ppaction\" value=\"deluser\"> <input type=\"submit\" value=\"I'm sure, delete the user.\"></form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } if ($ppaction == "emailusers") { if ($do == "process") { $query = "SELECT userid,username,email FROM {$Globals['rp_db_prefix']}users ORDER BY username"; $fusers = ppmysql_query($query,$link); $posts = mysql_num_rows($fusers); print "Emailing $posts members, please wait... depending on the number of users, this may take a while...<br><br>"; $subject = addslashes( $subject ); $letter = addslashes( $letter ); $from_email = "From: {$Globals['adminemail']}"; while ( list($euserid,$eusername,$email) = mysql_fetch_row($fusers) ) { mail( $email, $subject, $letter, $from_email ); } ppmysql_free_result( $fusers ); $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users"; forward( $forwardid, "Finished emailing users!" ); exit; } $emailmessage = "Type your email message here."; $subject = "Type your subject here."; adminheader( 0, "ReviewPost Email Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Email Users</b></span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> You are about to email all of your users. Please enter the message you wish to send below (HTML acceptable)<br><br> <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\"> <input type=\"text\" value=\"$subject\" size=\"60\" name=\"subject\" /><br><br> <textarea name=\"letter\" cols=\"60\" rows=\"12\">$emailmessage</textarea><br><br> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"ppaction\" value=\"emailusers\"> <input type=\"submit\" value=\"Email Now!\"></form><br><br></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } ?> Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/#findComment-622699 Share on other sites More sharing options...
thunder_sti Posted August 23, 2008 Author Share Posted August 23, 2008 bumpage.... Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/#findComment-623838 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.