
admin.php


thunder_sti


Hey, wassup fellas !!

 

I'm trying to install ReviewPost Pro PHP. Everything looks good.

But:

The issue is that admin.php isn't verifying the vBulletin usergroup permission.

You can log in to the page fine; the admin rights just are not recognized.

 

What can I do or where ???

 

Thanks

Admin usergroup:

<?php
//////////////////////////// COPYRIGHT NOTICE //////////////////////////////
// This script is part of ReviewPost PHP, a software application by       //
// All Enthusiast, Inc.  Use of any kind of part or all of this           //
// script or modification of this script requires a license from All      //
// Enthusiast, Inc.  Use or modification of this script without a license //
// constitutes Software Piracy and will result in legal action from All   //
// Enthusiast, Inc.  All rights reserved.                                 //
// http://www.reviewpost.com                                              //
// Contributing Developer: Michael Pierce (mpdev.net)                     //
//                                                                        //
//            ReviewPost Copyright 2004, All Enthusiast, Inc.             //
////////////////////////////////////////////////////////////////////////////
require "adm-inc.php";

// Access gate for the usergroup editor: the request continues only when the
// current account's $User['adminedit'] flag equals 1. An unset flag also fails
// the comparison, so the check fails closed.
// $User is not assigned anywhere in this script; presumably adm-inc.php fills
// it from the forum session and usergroup data. When a forum administrator is
// rejected here, that include is the place to inspect -- TODO confirm.
if ( $User['adminedit'] != 1 ) {
   diewell( "You are not a valid administrator!" );
   exit;  // explicit stop in case diewell() returns to the caller
}

if ($ppaction == "usergroups") {
   // "add" action: insert a placeholder usergroup named 'Default' with uploads
   // and reviews set to '0', then return to the usergroup list.
   // The INSERT is built only from constants and the configured table prefix.
   // NOTE(review): this write is triggered by a plain link (the "Add a New
   // Usergroup" anchor emitted by the editor form below), no anti-CSRF token is
   // visible here, and unlike the other actions it writes no admlog entry.
   if ($do == "add") {
       $query = "INSERT INTO {$Globals['rp_db_prefix']}usergroups (groupid,groupname,uploads,reviews) values(NULL,'Default','0','0')";
       $resulta = ppmysql_query($query,$link);

       forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups");
       exit;
   }

   if ($do == "delete") {
       $usergroupid=$groupid;

       if ($Globals['vbversion'] == "reviewpost") {
           if ($usergroupid < 6) {
               diewell("You can't delete this usergroup.");
           }
       }
       else {
           if ($usergroupid < 5) {
               diewell("You can't delete this usergroup.");
           }
       }

       if (empty($okay)) $okay="no";

       if ($okay != "yes") {
           adminheader( 0, "ReviewPost User Groups" );

           $output = "<div align=\"center\">

               <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
               align=\"center\"><tr><td>
               <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
               <tr align=\"center\">
               <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Add a Category</b></span>
               </span></td>
               </tr><tr>
               <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />
               <span class=\"{$Style['medium']}\">You are about to delete the <b>\"$usergroup\"</b> usergroup.<br /><br />Please note that if you have
               any users that are set to this usergroup, you should change those users to a different group BEFORE you delete this one or they will be unable to
               login to upload products or post reviews.<br /><br />

               <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\">
               <input type=\"hidden\" name=\"groupid\" value=\"$usergroupid\">
               <input type=\"hidden\" name=\"do\" value=\"delete\">
               <input type=\"hidden\" name=\"okay\" value=\"yes\">
               <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\">
               <input type=\"submit\" value=\"Go ahead and delete this usergroup.\">
               </form></td></tr></table></td></tr></table>";

           print $output;
           exit;
       }
       else {
           $query = "DELETE FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid";
           $resulta = ppmysql_query($query,$link);

           $ipaddr = findenv("REMOTE_ADDR");
           $date = time();
           $what = "Deleted Usergroup: $usergroupid";
           $what = addslashes($what);
           $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
           $resultb = ppmysql_query($query,$link);

           forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" );
           exit;
       }
   }

   // "refresh-vb" action: two-step re-import of usergroups. The first request
   // shows a confirmation page; the second one (okay=yes) calls
   // import_user_groups() and writes an admlog entry.
   // import_user_groups() is defined elsewhere; what it reads and overwrites is
   // not visible in this script.
   // NOTE(review): no anti-CSRF token is visible on the confirmation form, and
   // the editor page links to this action with a plain GET link.
   if ($do == "refresh-vb") {
       if ( empty($okay) ) $okay="no";
       if ($okay != "yes") {
           adminheader( 0, "ReviewPost User Groups" );

           // Static confirmation markup; only style and path settings are
           // interpolated. NOTE(review): the text contains the typo "tdis"
           // (for "This"); it is runtime output and left untouched here.
           $output = "<div align=\"center\">

               <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
               align=\"center\"><tr><td>
               <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
               <tr align=\"center\">
               <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Refresh Usergroups</b></span>
               </span></td>
               </tr><tr>
               <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />
               <span class=\"{$Style['medium']}\">You are about to refresh your forum usergroups.  tdis is necessary whenever you
               add or delete usergroups within your forum software.<br /><br />After you refresh, <b>please double-check your ReviewPost usergroup
               settings</b> to ensure that they are correct!<br /><br />

               <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\">
               <input type=\"hidden\" name=\"do\" value=\"refresh-vb\">
               <input type=\"hidden\" name=\"okay\" value=\"yes\">
               <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\">
               <input type=\"submit\" value=\"Go ahead and refresh usergroups.\"></form></td></tr></table></td></tr></table>";

           print "$output<p><p>";
           adminfooter();

           exit;
       }
       else {
           import_user_groups();

           // Audit trail: who refreshed, from which address, and when.
           // NOTE(review): $ipaddr and $User['username'] are interpolated
           // without escaping; confirm findenv() and adm-inc.php return values
           // that are safe inside a quoted SQL literal.
           $ipaddr = findenv("REMOTE_ADDR");
           $date = time();
           $what = "Refreshed Usergroups";
           $what = addslashes($what);
           $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
           $resultb = ppmysql_query($query,$link);

           forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!");
           exit;
       }
   }

   if ($do == "process") {  //# Save input usergroups form to DB
       $admincheck=0;

       foreach($HTTP_POST_VARS as $id=>$setting) {
           //$setting=~ s/\\+$//g;
           //$setting=~ s/\/+$//g;
           $name = explode("-", $id);
           $dbid = $name[1];

           if ($name[0] == "cpaccess") {
               if ($setting == 1) {
                   $admincheck = 1;
               }
           }
       }

       if ($admincheck == 0) {
           diewell("At least one usergroup must have Admin Access.");
           exit;
       }

       foreach($HTTP_POST_VARS as $id=>$setting) {
           $name = explode("-", $id);
           $dbid = $name[1];

           if ($dbid != "") {
               $setting = addslashes( $setting );

               $query = "UPDATE {$Globals['rp_db_prefix']}usergroups SET ".$name[0]."='$setting' WHERE groupid=$dbid";
               //print "$query<br />";
               $resulta = ppmysql_query($query,$link);
           }
       }

       $ipaddr = findenv("REMOTE_ADDR");
       $date = time();
       $what = "Modified Usergroups";
       $what = addslashes($what);
       $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
       $resultb = ppmysql_query($query,$link);

       forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" );
       exit;
   }

   adminheader( 0, "ReviewPost User Groups" );

   $output = "<div align=\"center\">

       <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
       align=\"center\"><tr><td>
       <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
       <tr align=\"center\">
       <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>Reviewpost UserGroup Editor</b></span></td></tr>
       <form method=\"POST\" action=\"{$Globals['maindir']}/adm-userg.php\">
       <tr><td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />

       <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\">
       <tr><td>
       <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\">
       <tr><td class=\"{$Style['menubar']}\">Usergroup name</td>
       <td class=\"{$Style['menubar']}\">Admin Access?</span></td>
       <td class=\"{$Style['menubar']}\">Mod Access?</span></td>
       <td class=\"{$Style['menubar']}\">Allow Uploads?</span></td>
       <td class=\"{$Style['menubar']}\">Allow Reviews?</span></td>
       <td class=\"{$Style['menubar']}\">Allow edit own Products?</span></td>
       <td class=\"{$Style['menubar']}\">Allow edit own Reviews?</span></td></tr>";

   $query = "SELECT groupid,groupname,cpaccess,modaccess,uploads,reviews,editpho,editposts FROM {$Globals['rp_db_prefix']}usergroups ORDER BY groupid";
   $resulta = ppmysql_query($query,$link);

   while ( list($uggroupid,$uggroupname,$ugcpaccess,$ugmodaccess,$uguploads,$ugreviews,$editpho,$editposts) = mysql_fetch_row($resulta) ) {
       if ($ugcpaccess == "1")
           $cpaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $cpaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($ugmodaccess == "1")
           $modaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $modaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($editpho == "1")
           $editpho_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $editpho_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($editposts == "1")
           $editposts_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $editposts_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($uguploads == "1")
           $uploads_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $uploads_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($ugreviews == "1")
           $reviews_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>";
       else
           $reviews_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>";

       if ($Globals['vbversion'] == "reviewpost" ) {
           $addhtml = "<b>(<a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=add\">Add a New
               Usergroup</a>)</b></span>";
       }
       else {
           $addhtml = "<span class=\"{$Style['medium']}\"><b>(<a
               href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=refresh-vb\">Refresh usergroups from your forum software?</a>)</b></span>";
       }

       $output .= "<tr><td class=\"{$Style['tddetails']}\"><div align=\"center\">
           <input type=\"text\" size=\"25\" maxlength=\"25\" value=\"$uggroupname\" name=\"groupname-$uggroupid\" class=\"bginput\">";

       if ($Globals['vbversion'] == "reviewpost" || $Globals['vbversion'] == "threads") {
           if ($uggroupid > 5) {
               $output .= "<br />(<span class=\"{$Style['small']}\"><a
                   href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&groupid=$uggroupid&do=delete&usergroup=$uggroupname\">delete</a>)";
           }
       }

       $output .= "</td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"cpaccess-$uggroupid\">$cpaccess_opts</select></td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"modaccess-$uggroupid\">$modaccess_opts</select></td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"uploads-$uggroupid\">$uploads_opts</select></td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"reviews-$uggroupid\">$reviews_opts</select></td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"editpho-$uggroupid\">$editpho_opts</select></td>
           <td class=\"tddetails\"><div align=\"center\"><select name=\"editposts-$uggroupid\">$editposts_opts</select></td>
           </tr>";
   }
   ppmysql_free_result( $resulta );

   $output .= "</table></td></tr></table><p><div align=\"center\">
       <input type=\"hidden\" value=\"usergroups\" name=\"ppaction\">
       <input type=\"hidden\" value=\"process\" name=\"do\">
       $addhtml<p>
       <input value=\"Save Changes\" type=\"submit\">
       </td></tr></table></td></tr></table>";

   print "$output<p><p>";
   adminfooter();

   exit;
}

// Fallthrough: the "usergroups" branch above always ends in exit, so this line
// runs only when $ppaction has some other value.
diewell("Usergroups called improperly!");

?>

 

Unless I'm doing something wrong during the installation.....


Admin user

<?php
//////////////////////////// COPYRIGHT NOTICE //////////////////////////////
// This script is part of ReviewPost PHP, a software application by       //
// All Enthusiast, Inc.  Use of any kind of part or all of this           //
// script or modification of this script requires a license from All      //
// Enthusiast, Inc.  Use or modification of this script without a license //
// constitutes Software Piracy and will result in legal action from All   //
// Enthusiast, Inc.  All rights reserved.                                 //
// http://www.reviewpost.com                                              //
// Contributing Developer: Michael Pierce (mpdev.net)                     //
//                                                                        //
//            ReviewPost Copyright 2004, All Enthusiast, Inc.             //
////////////////////////////////////////////////////////////////////////////
require "adm-inc.php";

// Access gate for the user administration pages: the request continues only
// when the current account's $User['adminedit'] flag equals 1. An unset flag
// also fails the comparison, so the check fails closed.
// $User is not assigned anywhere in this script; presumably adm-inc.php fills
// it from the forum session and usergroup data -- TODO confirm.
if ( $User['adminedit'] != 1 ) {
    diewell( "You are not a valid administrator!" );
    exit;  // explicit stop in case diewell() returns to the caller
}

// Default the optional search inputs to empty strings so the comparisons
// against "" further down are well defined. empty() also treats "0" as
// missing, so a usergroup id of 0 counts as "no filter".
if (empty($susergroupid)) $susergroupid="";
if (empty($susername)) $susername="";
if (empty($email)) $email="";
// Start the status message and the WHERE fragment from known empty values.
$message=""; $srch = "";

if ( $ppaction == "users" ) {
    if ( $do == "findusers" ) {
        if ( $susername != "" ) $srch .= "username LIKE '%$susername%'";

        if ( $susergroupid != "" ) {
            if ($srch != "") $srch .= " AND ";
            $srch .= "usergroupid=$susergroupid";
        }

        if ($email != "") {
            if ($srch != "") $srch .= " AND ";
            $srch .= "email LIKE '%$email%'";
        }

        if ($srch != "") $srch = "WHERE $srch";
        if ( empty($perpage) ) $perpage=50;

        if ( !empty($page) ) {
            $page = $page;
            $startnumb = ($page*$perpage)-$perpage+1;
        }
        else {
            $page = 1;
            $startnumb = 1;
        }

        $startnumb = $startnumb-1;

        $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users";
        $nusers = ppmysql_query($query,$link);
        $rcount = mysql_num_rows($nusers);
        pagesystem( $rcount, "admusers" );

        adminheader( 0, "ReviewPost Users" );

        $output = "<div align=\"center\">
            <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\"
            align=\"center\"><tr><td>
            <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
            <tr>
            <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</span>
            </span></td>
            </tr>
            <tr><td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br />

            <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td>
            <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"><tr>
            <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Username</th>
            <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Actions</th>
            <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Email</th>
            <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Posts</th>
            <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Views</th>
            </tr>";

        $query = "SELECT userid,username,joindate,posts,email,views FROM {$Globals['rp_db_prefix']}users $srch ORDER BY username LIMIT $startnumb,$perpage";
        $fusers = ppmysql_query($query,$link);
        $posts = mysql_num_rows($fusers);

        while ( list( $euserid,$eusername,$joindate,$posts,$email,$views ) = mysql_fetch_row($fusers) ) {
            $output .= "<tr>
                <td class=\"{$Style['tddetails']}\">$eusername</span></td>
                <td class=\"{$Style['tddetails']}\"><div align=\"center\">[ <a
                href=\"{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$euserid\">Edit User</a> ] [ <a
                href=\"{$Globals['maindir']}/adm-users.php?ppaction=deluser&uid=$euserid&inusername=$eusername\">Delete User</a> ] [ <a
                target=\"_blank\"
                href=\"{$Globals['maindir']}/member.php?ppaction=rpwd&uid=$euserid&verifykey=$joindate&adminreset=1\">Reset Password</a> ]</span></td>
                <td class=\"{$Style['tddetails']}\">$email</span></td>
                <td class=\"{$Style['tddetails']}\"><div align=\"center\">$posts</div></span></td>
                <td class=\"{$Style['tddetails']}\"><div align=\"center\">$views</div></span></td>
                </tr>";
        }
        ppmysql_free_result( $fusers );

        $output .= "</table></td></tr><tr><td class=\"{$Style['menubar']}\" colspan=\"4\" align=\"center\">$posternav</td></tr></table></td></tr></table></td></tr></table>";

        if ($rcount > 0) {
            print "$output<p><p>";
            adminfooter();

            exit;
        }
        else {
            $message = "No users found. Please try an alternate search, or list
                all users.</span><p>";
        }
    }

    if ( $susergroupid != "" ) {
        $query="SELECT groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$susergroupid";
        $resultb = ppmysql_query($query,$link);
        list( $usergroup ) = mysql_fetch_row($resultb);
        ppmysql_free_result( $resultb );
    }

    if ($do == "findusers") {
        $groupopt = "<option value=\"$susergroupid\">$usergroup</option><option></option>";
    }
    else {
        $groupopt = "<option></option>";
        $eusername="";
    }

    $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users";
    $nusers = ppmysql_query($query,$link);
    $numusers = mysql_num_rows($nusers);

    $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups";
    $groups = ppmysql_query($query,$link);
    while ( list( $groupid, $ugusergroup ) = mysql_fetch_row( $groups ) ) {
        $groupopt .= "<option value=\"$groupid\">$ugusergroup</option>";
    }
    ppmysql_free_result( $groups );

    adminheader( 0, "ReviewPost Users" );

    $output = "<div align=\"center\">

        <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
        align=\"center\"><tr><td>
        <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
        <tr>
        <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</b></span></td>
        </tr>
        <tr>
        <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />
        $message<p>
        <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=emailusers\">Click to email all members</a>
        <p><a href=\"{$Globals['maindir']}/adm-users.php?ppaction=users&do=findusers\">Click to list all $numusers users</a> or use the
        advanced search box below.<p>

        <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td>
        <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\">
        <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\"><tr>
        <td class=\"{$Style['menubar']}\" colspan=\"2\">Select users where: (leave a field blank to ignore it)</td></tr>
        <tr><td class=\"{$Style['tddetails']}\">Username contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\"
        value=\"$eusername\" name=\"susername\"></td></tr>
        <tr><td class=\"{$Style['tddetails']}\">and email contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\"
        value=\"$email\" name=\"email\"></td></tr>
        <tr><td class=\"{$Style['tddetails']}\">and usergroup is:</td><td class=\"{$Style['tddetails']}\"><select
        name=\"susergroupid\">$groupopt
        </select></td></tr>
        </table></td></tr></table><p>
        <input type=\"hidden\" name=\"ppaction\" value=\"users\">
        <input type=\"hidden\" name=\"do\" value=\"findusers\">
        <input type=\"submit\" value=\"Find users\">
        </td></tr></table></td></tr></table>";

    print "$output<p><p>";
    adminfooter();
}


if ($ppaction == "edituser") {
    if ($do == "process") {
        if ($year == "") $year="0000";
        if ($month == "") $month="0";
        if ($day == "") $day="0";

        $birthday="$year-$month-$day";
        $eusername = addslashes( $eusername );
        $email = addslashes( $email );
        $homepage = addslashes( $homepage );
        $location = addslashes( $location );
        $interests = addslashes( $interests );
        $occupation = addslashes( $occupation );
        $bio = addslashes( $bio );

        $query = "UPDATE {$Globals['rp_db_prefix']}users SET username='$eusername',posts=$posts,usergroupid=$usergroupid,email='$email',homepage='$homepage',icq='$icq',
            aim='$aim',yahoo='$yahoo',birthday='$birthday',interests='$interests',occupation='$occupation',bio='$bio',
            location='$location' WHERE userid=$uid";
        $resulta = ppmysql_query($query,$link);

        // we had a change of name, need to update some stuff
        if ( $ousername != $eusername ) {
            $query = "UPDATE {$Globals['rp_db_prefix']}reviews SET username='$eusername' WHERE username='$ousername'";
            $result = ppmysql_query($query,$link);

            $query = "UPDATE {$Globals['rp_db_prefix']}products SET user='$eusername' WHERE user='$ousername'";
            $result = ppmysql_query($query,$link);
        }

        $ipaddr = findenv("REMOTE_ADDR");
        $date = time();
        $what = "Edit User: $ousername";
        $what = addslashes($what);
        $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
        $resultb = ppmysql_query($query,$link);

        $redir = "{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$uid";
        forward( $redir, "Processing complete!" );
        exit;
    }

    if ($uid != "") {
        $months = array('January','February','March','April','May','June','July','August','September','October','November','December');

        $query = "SELECT username,usergroupid,homepage,icq,aim,yahoo,joindate,posts,birthday,location,interests,occupation,bio,email FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid LIMIT 1";
        $resulta = ppmysql_query($query,$link);
        list($eusername,$usergroupid,$homepage,$icq,$aim,$yahoo,$joindate,$posts,$birthday,$location,$interests,$occupation,$bio,$email) = mysql_fetch_row($resulta);
        ppmysql_free_result($resulta);

        $birth = explode( "-", $birthday );
        $bmon = intval($birth[1]); $bday = intval($birth[2]); $byear = $birth[0];

        if ($bmon != "") $bmonsel = "<option value=\"$bmon\">".$months[$bmon-1]."</option>";
        else $bmonsel = "<option value=\"-1\"></option>";

        if ($bday != "") $bdaysel = "<option value=\"$bday\">$bday</option>";
        else $bdaysel = "<option value=\"-1\"></option>";

        if ($byear == "") $byear = "";
        if ($byear == "0000") $byear = "";

        $ppdate = formatppdate( $joindate );

        $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid";
        $resulta = ppmysql_query($query,$link);
        list( $usergroupid, $groupname ) = mysql_fetch_row($resulta);
        ppmysql_free_result( $resulta );

        $groupopt = "<option selected value=\"$usergroupid\">$groupname</option>";

        $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid !='$usergroupid'";
        $groups = ppmysql_query($query,$link);
        while ( list( $groupid, $groupname ) = mysql_fetch_row( $groups ) ) {
            $groupopt .= "<option value=\"$groupid\">$groupname</option>";
        }
        if ( $groups ) ppmysql_free_result( $groups );

        $months = array('January','February','March','April','May','June','July','August','September','October','November','December');

        adminheader( 0, "ReviewPost Users" );

        $output = "<div align=\"center\">

            <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
            align=\"center\"><tr><td>
            <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
            <tr>
            <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost User</b></span>
            </span></td>
            </tr><tr>
            <td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br />

            <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\">
            <tr><td class=\"{$Style['tddetails']}\">
            <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\">

            <tr>
            <td align=\"left\" colspan=\"2\" class=\"{$Style['menubar']}\"><span class=\"{$Style['small']}\"><b>Edit Profile for $eusername</span>
            </span></td></tr>
            <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\">
            <tr><td align=\"left\">
            <span class=\"{$Style['medium']}\">Date Registered</span></td>
            <td align=\"left\"><span class=\"{$Style['medium']}\">$ppdate</span></td></tr>
            <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Username:</span></td>
            <td class=\"{$Style['tddetails']}\" align=\"left\">
            <span class=\"{$Style['medium']}\"><input type=\"text\" name=\"eusername\" size=\"25\" maxlength=\"100\" value=\"$eusername\">
            <input type=\"hidden\" name=\"ousername\" value=\"$eusername\">
            </td></tr>
            <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Usergroup</span></td>
            <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\"><select name=\"usergroupid\">$groupopt
            </select></td></tr>
            <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Email</span></td>
            <td  align=\"left\"><span class=\"{$Style['medium']}\">
            <input type=\"text\" name=\"email\" size=\"25\" maxlength=\"100\" value=\"$email\"></td></tr>
            <tr>
            <td align=\"left\"><span class=\"{$Style['medium']}\">Posts</span></td>
            <td align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\"
            name=\"posts\" size=\"10\" maxlength=\"25\" value=\"$posts\"></td></tr>";

        if ( $Globals['getoptional'] == "yes" ) {
            $output .= "<tr>
                <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\">Birthday</span></td><td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">

                <table border=\"0\" cellspacing=\"0\" cellpadding=\"2\">
                <tr>
                <td align=\"center\"><span class=\"{$Style['small']}\">Month</span></td>
                <td align=\"center\"><span class=\"{$Style['small']}\">Day</span></td>
                <td align=\"center\"><span class=\"{$Style['small']}\">Year</span></td>
                </tr><tr>
                <td><span class=\"{$Style['small']}\" ><select name=\"month\">
                $bmonsel";

            for ( $m=0; $m < 12; $m++ ) {
                $output .= "<option value=\"".($m+1)."\">".$months[$m]."</option>\n";
            }

            $output .= "</select></span></td>
                <td><span class=\"{$Style['small']}\"><select name=\"editday\">
                $bdaysel";

            for ( $x=1; $x < 32; $x++ ) {
                $output .= "<option value=\"$x\" >$x</option>\n";
            }

            $output .= "</select></span></td>
                <td><span class=\"{$Style['small']}\"><input type=\"text\" name=\"year\" value=\"$byear\" size=\"{$Globals['fontlarge']}\"
                maxlength=\"4\"></span></td>
                </tr>
                </table>

                </td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"medium\">Homepage:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"homepage\" value=\"$homepage\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Biography:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"bio\" value=\"$bio\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Location:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"location\" value=\"$location\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Interests:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"interests\" value=\"$interests\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">ICQ:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"icq\" value=\"$icq\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">AIM:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"aim\" value=\"$aim\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Yahoo:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"yahoo\" value=\"$yahoo\" size=\"25\" maxlength=\"250\"></span></td>
                </tr><tr>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Occupation:</span><br />
                </td>
                <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input
                type=\"text\" name=\"occupation\" value=\"$occupation\" size=\"25\" maxlength=\"250\"></span></td>
                </tr>";
        }

        $output .= "</table>
                </td></tr></table><p>
                <div align=\"center\">
                <input type=\"hidden\" name=\"ppaction\" value=\"edituser\">
                <input type=\"hidden\" name=\"do\" value=\"process\">
                <input type=\"hidden\" name=\"uid\" value=\"$uid\">
                <input type=\"submit\" value=\"Save Changes\">

                </form></td></tr></table></td></tr></table>";

        print "$output<p><p>";
        adminfooter();
    }
}

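// Admin action "deluser".
//   do=process : deletes the user's reviews, product files, product rows and
//                user row, writes an admlog entry, then forwards to the list.
//   otherwise  : prints an "are you sure" form that posts back with do=process.
if ($ppaction == "deluser") {
    // $uid is round-tripped through a hidden form field, so treat it as
    // request data: force it to an integer before it reaches SQL or HTML.
    $deluid = intval($uid);

    if ($do == "process") {
        // Refuse empty/non-numeric ids instead of running the deletes
        // against userid=0.
        if ($deluid < 1) {
            diewell( "Invalid user id." );
            exit;
        }

        // Look the username up BEFORE the user row is removed; the original
        // selected it after the DELETE, so the admin log entry was always blank.
        // NOTE(review): this file mixes $db_link and $link as the connection
        // handle; each call keeps the handle it used originally - confirm
        // both are defined by the include.
        $query = "SELECT username FROM {$Globals['rp_db_prefix']}users WHERE userid=$deluid";
        $resulta = ppmysql_query($query,$db_link);
        list( $username ) = mysql_fetch_row($resulta);

        $query = "DELETE FROM {$Globals['rp_db_prefix']}reviews WHERE userid=$deluid";
        $resulta = ppmysql_query($query,$db_link);

        // Remove the stored files for every product the user submitted.
        $query = "SELECT bigimage,cat FROM {$Globals['rp_db_prefix']}products WHERE userid=$deluid";
        $resulta = ppmysql_query($query,$link);

        while ( list( $filename, $thecat ) = mysql_fetch_row($resulta) ) {
            remove_all_files( $filename, $deluid, $thecat );
        }
        if ( $resulta ) ppmysql_free_result( $resulta );

        //# end delete the files //#

        $query = "DELETE FROM {$Globals['rp_db_prefix']}products WHERE userid=$deluid";
        $resulta = ppmysql_query($query,$link);

        $query = "DELETE FROM {$Globals['rp_db_prefix']}users WHERE userid=$deluid";
        $resulta = ppmysql_query($query,$db_link);

        // Record the action in the admin log.
        // NOTE(review): $User['username'] is interpolated unescaped here;
        // confirm the include already escapes it for SQL.
        $ipaddr = findenv("REMOTE_ADDR");
        $date = time();
        $what = "Delete User: $username";
        $what = addslashes($what);
        $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')";
        $resultb = ppmysql_query($query,$link);

        $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users";
        forward( $forwardid, "Finished processing user request!" );
        exit;
    }

    //# Generate an 'are you sure' you want to delete? form...
    adminheader( 0, "ReviewPost Users" );

    // $inusername is echoed into the page, so HTML-escape it first.
    $safeusername = htmlspecialchars( (string) $inusername, ENT_QUOTES );

    // NOTE(review): no anti-forgery token is emitted with this form or checked
    // in the process branch above - confirm whether the include handles that.
    $output = "<div align=\"center\">

        <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
        align=\"center\"><tr><td>
        <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
        <tr>
        <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Remove User</b></span></td>
        </tr><tr>
        <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />
        You're about to delete user \"$safeusername\", and <b>ALL PRODUCTS/POSTS THAT HE/SHE HAS SUBMITTED</B>.<p>
        Are you sure you want to do that?
        <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\">
        <input type=\"hidden\" name=\"uid\" value=\"$deluid\">
        <input type=\"hidden\" name=\"do\" value=\"process\">
        <input type=\"hidden\" name=\"ppaction\" value=\"deluser\">
        <input type=\"submit\" value=\"I'm sure, delete the user.\"></form></td></tr></table></td></tr></table>";

    print "$output<p><p>";
    adminfooter();
}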

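// Admin action "emailusers".
//   do=process : mails the submitted subject/letter to every row in the
//                users table, then forwards back to the user list.
//   otherwise  : prints the compose form that posts back with do=process.
if ($ppaction == "emailusers") {
    if ($do == "process") {
        $query = "SELECT userid,username,email FROM {$Globals['rp_db_prefix']}users ORDER BY username";
        $fusers = ppmysql_query($query,$link);
        $posts = mysql_num_rows($fusers);

        print "Emailing $posts members, please wait... depending on the number of users, this may take a while...<br><br>";

        // The original ran addslashes() on the subject and body. That is SQL
        // escaping and only puts stray backslashes into the outgoing mail,
        // so it is dropped here.
        // NOTE(review): if the include already applies magic-quote style
        // escaping to request variables, stripslashes() is what belongs here.

        // A subject is a single header line: strip CR/LF so submitted text
        // cannot append extra mail headers.
        $subject = str_replace( array("\r", "\n"), '', (string) $subject );
        $from_email = "From: {$Globals['adminemail']}";

        while ( list($euserid,$eusername,$email) = mysql_fetch_row($fusers) ) {
            mail( $email, $subject, $letter, $from_email );
        }
        ppmysql_free_result( $fusers );

        $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users";
        forward( $forwardid, "Finished emailing users!" );
        exit;
    }

    // Placeholder text shown in the compose form.
    $emailmessage = "Type your email message here.";
    $subject = "Type your subject here.";

    adminheader( 0, "ReviewPost Email Users" );

    // $uid is echoed into a hidden field; HTML-escape it so a crafted value
    // cannot break out of the attribute.
    $safeuid = htmlspecialchars( (string) $uid, ENT_QUOTES );

    $output = "<div align=\"center\">

        <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\"  width=\"{$Globals['tablewidth']}\"
        align=\"center\"><tr><td>
        <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\"  width=\"100%\">
        <tr>
        <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Email Users</b></span></td>
        </tr><tr>
        <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br />
        You are about to email all of your users. Please enter the message you wish to send below (HTML acceptable)<br><br>
        <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\">
        <input type=\"text\" value=\"$subject\" size=\"60\" name=\"subject\" /><br><br>
        <textarea name=\"letter\" cols=\"60\" rows=\"12\">$emailmessage</textarea><br><br>
        <input type=\"hidden\" name=\"uid\" value=\"$safeuid\">
        <input type=\"hidden\" name=\"do\" value=\"process\">
        <input type=\"hidden\" name=\"ppaction\" value=\"emailusers\">
        <input type=\"submit\" value=\"Email Now!\"></form><br><br></td></tr></table></td></tr></table>";

    print "$output<p><p>";
    adminfooter();
}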


?>
