thunder_sti Posted August 22, 2008 Share Posted August 22, 2008 Hey, wassup fellas !! Im trying to install the review post pro php. Everything looks good. But: The issue is admin php isnt verifying vbulletin usergroup permission. You can login to page fine just admin rights are not recognized. What can I do or where ??? Thanks Admin usergroup: <?php //////////////////////////// COPYRIGHT NOTICE ////////////////////////////// // This script is part of ReviewPost PHP, a software application by // // All Enthusiast, Inc. Use of any kind of part or all of this // // script or modification of this script requires a license from All // // Enthusiast, Inc. Use or modification of this script without a license // // constitutes Software Piracy and will result in legal action from All // // Enthusiast, Inc. All rights reserved. // // http://www.reviewpost.com // // Contributing Developer: Michael Pierce (mpdev.net) // // // // ReviewPost Copyright 2004, All Enthusiast, Inc. // //////////////////////////////////////////////////////////////////////////// require "adm-inc.php"; if ( $User['adminedit'] != 1 ) { diewell( "You are not a valid administrator!" ); exit; } if ($ppaction == "usergroups") { if ($do == "add") { $query = "INSERT INTO {$Globals['rp_db_prefix']}usergroups (groupid,groupname,uploads,reviews) values(NULL,'Default','0','0')"; $resulta = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups"); exit; } if ($do == "delete") { $usergroupid=$groupid; if ($Globals['vbversion'] == "reviewpost") { if ($usergroupid < 6) { diewell("You can't delete this usergroup."); } } else { if ($usergroupid < 5) { diewell("You can't delete this usergroup."); } } if (empty($okay)) $okay="no"; if ($okay != "yes") { adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Add a Category</b></span> </span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <span class=\"{$Style['medium']}\">You are about to delete the <b>\"$usergroup\"</b> usergroup.<br /><br />Please note that if you have any users that are set to this usergroup, you should change those users to a different group BEFORE you delete this one or they will be unable to login to upload products or post reviews.<br /><br /> <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\"> <input type=\"hidden\" name=\"groupid\" value=\"$usergroupid\"> <input type=\"hidden\" name=\"do\" value=\"delete\"> <input type=\"hidden\" name=\"okay\" value=\"yes\"> <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\"> <input type=\"submit\" value=\"Go ahead and delete this usergroup.\"> </form></td></tr></table></td></tr></table>"; print $output; exit; } else { $query = "DELETE FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid"; $resulta = ppmysql_query($query,$link); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Deleted Usergroup: $usergroupid"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" ); exit; } } if ($do == "refresh-vb") { if ( empty($okay) ) $okay="no"; if ($okay != "yes") { adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Refresh Usergroups</b></span> </span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <span class=\"{$Style['medium']}\">You are about to refresh your forum usergroups. tdis is necessary whenever you add or delete usergroups within your forum software.<br /><br />After you refresh, <b>please double-check your ReviewPost usergroup settings</b> to ensure that they are correct!<br /><br /> <form action=\"{$Globals['maindir']}/adm-userg.php\" method=\"POST\"> <input type=\"hidden\" name=\"do\" value=\"refresh-vb\"> <input type=\"hidden\" name=\"okay\" value=\"yes\"> <input type=\"hidden\" name=\"ppaction\" value=\"usergroups\"> <input type=\"submit\" value=\"Go ahead and refresh usergroups.\"></form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); exit; } else { import_user_groups(); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Refreshed Usergroups"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!"); exit; } } if ($do == "process") { //# Save input usergroups form to DB $admincheck=0; foreach($HTTP_POST_VARS as $id=>$setting) { //$setting=~ s/\\+$//g; //$setting=~ s/\/+$//g; $name = explode("-", $id); $dbid = $name[1]; if ($name[0] == "cpaccess") { if ($setting == 1) { $admincheck = 1; } } } if ($admincheck == 0) { diewell("At least one usergroup must have Admin Access."); exit; } foreach($HTTP_POST_VARS as $id=>$setting) { $name = explode("-", $id); $dbid = $name[1]; if ($dbid != "") { $setting = addslashes( $setting ); $query = "UPDATE {$Globals['rp_db_prefix']}usergroups SET ".$name[0]."='$setting' WHERE groupid=$dbid"; //print "$query<br />"; $resulta = ppmysql_query($query,$link); } } $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Modified Usergroups"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); forward( "{$Globals['maindir']}/adm-userg.php?ppaction=usergroups", "Processing complete!" ); exit; } adminheader( 0, "ReviewPost User Groups" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr align=\"center\"> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>Reviewpost UserGroup Editor</b></span></td></tr> <form method=\"POST\" action=\"{$Globals['maindir']}/adm-userg.php\"> <tr><td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"> <tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <tr><td class=\"{$Style['menubar']}\">Usergroup name</td> <td class=\"{$Style['menubar']}\">Admin Access?</span></td> <td class=\"{$Style['menubar']}\">Mod Access?</span></td> <td class=\"{$Style['menubar']}\">Allow Uploads?</span></td> <td class=\"{$Style['menubar']}\">Allow Reviews?</span></td> <td class=\"{$Style['menubar']}\">Allow edit own Products?</span></td> <td class=\"{$Style['menubar']}\">Allow edit own Reviews?</span></td></tr>"; $query = "SELECT groupid,groupname,cpaccess,modaccess,uploads,reviews,editpho,editposts FROM {$Globals['rp_db_prefix']}usergroups ORDER BY groupid"; $resulta = ppmysql_query($query,$link); while ( list($uggroupid,$uggroupname,$ugcpaccess,$ugmodaccess,$uguploads,$ugreviews,$editpho,$editposts) = mysql_fetch_row($resulta) ) { if ($ugcpaccess == "1") $cpaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $cpaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($ugmodaccess == "1") $modaccess_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $modaccess_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($editpho == "1") $editpho_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $editpho_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($editposts == "1") $editposts_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $editposts_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($uguploads == "1") $uploads_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $uploads_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($ugreviews == "1") $reviews_opts= "<option selected value=\"1\">yes</option><option value=\"0\">no</option>"; else $reviews_opts= "<option selected value=\"0\">no</option><option value=\"1\">yes</option>"; if ($Globals['vbversion'] == "reviewpost" ) { $addhtml = "<b>(<a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=add\">Add a New Usergroup</a>)</b></span>"; } else { $addhtml = "<span class=\"{$Style['medium']}\"><b>(<a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&do=refresh-vb\">Refresh usergroups from your forum software?</a>)</b></span>"; } $output .= "<tr><td class=\"{$Style['tddetails']}\"><div align=\"center\"> <input type=\"text\" size=\"25\" maxlength=\"25\" value=\"$uggroupname\" name=\"groupname-$uggroupid\" class=\"bginput\">"; if ($Globals['vbversion'] == "reviewpost" || $Globals['vbversion'] == "threads") { if ($uggroupid > 5) { $output .= "<br />(<span class=\"{$Style['small']}\"><a href=\"{$Globals['maindir']}/adm-userg.php?ppaction=usergroups&groupid=$uggroupid&do=delete&usergroup=$uggroupname\">delete</a>)"; } } $output .= "</td> <td class=\"tddetails\"><div align=\"center\"><select name=\"cpaccess-$uggroupid\">$cpaccess_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"modaccess-$uggroupid\">$modaccess_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"uploads-$uggroupid\">$uploads_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"reviews-$uggroupid\">$reviews_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"editpho-$uggroupid\">$editpho_opts</select></td> <td class=\"tddetails\"><div align=\"center\"><select name=\"editposts-$uggroupid\">$editposts_opts</select></td> </tr>"; } ppmysql_free_result( $resulta ); $output .= "</table></td></tr></table><p><div align=\"center\"> <input type=\"hidden\" value=\"usergroups\" name=\"ppaction\"> <input type=\"hidden\" value=\"process\" name=\"do\"> $addhtml<p> <input value=\"Save Changes\" type=\"submit\"> </td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); exit; } diewell("Usergroups called improperly!"); ?> Unless, Im doing something wrong durin g the installation..... Quote Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/ Share on other sites More sharing options...
thunder_sti Posted August 22, 2008 Author Share Posted August 22, 2008 Admin user <?php //////////////////////////// COPYRIGHT NOTICE ////////////////////////////// // This script is part of ReviewPost PHP, a software application by // // All Enthusiast, Inc. Use of any kind of part or all of this // // script or modification of this script requires a license from All // // Enthusiast, Inc. Use or modification of this script without a license // // constitutes Software Piracy and will result in legal action from All // // Enthusiast, Inc. All rights reserved. // // http://www.reviewpost.com // // Contributing Developer: Michael Pierce (mpdev.net) // // // // ReviewPost Copyright 2004, All Enthusiast, Inc. // //////////////////////////////////////////////////////////////////////////// require "adm-inc.php"; if ( $User['adminedit'] != 1 ) { diewell( "You are not a valid administrator!" ); exit; } if (empty($susergroupid)) $susergroupid=""; if (empty($susername)) $susername=""; if (empty($email)) $email=""; $message=""; $srch = ""; if ( $ppaction == "users" ) { if ( $do == "findusers" ) { if ( $susername != "" ) $srch .= "username LIKE '%$susername%'"; if ( $susergroupid != "" ) { if ($srch != "") $srch .= " AND "; $srch .= "usergroupid=$susergroupid"; } if ($email != "") { if ($srch != "") $srch .= " AND "; $srch .= "email LIKE '%$email%'"; } if ($srch != "") $srch = "WHERE $srch"; if ( empty($perpage) ) $perpage=50; if ( !empty($page) ) { $page = $page; $startnumb = ($page*$perpage)-$perpage+1; } else { $page = 1; $startnumb = 1; } $startnumb = $startnumb-1; $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users"; $nusers = ppmysql_query($query,$link); $rcount = mysql_num_rows($nusers); pagesystem( $rcount, "admusers" ); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</span> </span></td> </tr> <tr><td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"><tr> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Username</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Actions</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Email</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Posts</th> <th class=\"{$Style['menubar']}\"><span class=\"{$Style['medium']}\">Views</th> </tr>"; $query = "SELECT userid,username,joindate,posts,email,views FROM {$Globals['rp_db_prefix']}users $srch ORDER BY username LIMIT $startnumb,$perpage"; $fusers = ppmysql_query($query,$link); $posts = mysql_num_rows($fusers); while ( list( $euserid,$eusername,$joindate,$posts,$email,$views ) = mysql_fetch_row($fusers) ) { $output .= "<tr> <td class=\"{$Style['tddetails']}\">$eusername</span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">[ <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$euserid\">Edit User</a> ] [ <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=deluser&uid=$euserid&inusername=$eusername\">Delete User</a> ] [ <a target=\"_blank\" href=\"{$Globals['maindir']}/member.php?ppaction=rpwd&uid=$euserid&verifykey=$joindate&adminreset=1\">Reset Password</a> ]</span></td> <td class=\"{$Style['tddetails']}\">$email</span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">$posts</div></span></td> <td class=\"{$Style['tddetails']}\"><div align=\"center\">$views</div></span></td> </tr>"; } ppmysql_free_result( $fusers ); $output .= "</table></td></tr><tr><td class=\"{$Style['menubar']}\" colspan=\"4\" align=\"center\">$posternav</td></tr></table></td></tr></table></td></tr></table>"; if ($rcount > 0) { print "$output<p><p>"; adminfooter(); exit; } else { $message = "No users found. Please try an alternate search, or list all users.</span><p>"; } } if ( $susergroupid != "" ) { $query="SELECT groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$susergroupid"; $resultb = ppmysql_query($query,$link); list( $usergroup ) = mysql_fetch_row($resultb); ppmysql_free_result( $resultb ); } if ($do == "findusers") { $groupopt = "<option value=\"$susergroupid\">$usergroup</option><option></option>"; } else { $groupopt = "<option></option>"; $eusername=""; } $query = "SELECT userid FROM {$Globals['rp_db_prefix']}users"; $nusers = ppmysql_query($query,$link); $numusers = mysql_num_rows($nusers); $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups"; $groups = ppmysql_query($query,$link); while ( list( $groupid, $ugusergroup ) = mysql_fetch_row( $groups ) ) { $groupopt .= "<option value=\"$groupid\">$ugusergroup</option>"; } ppmysql_free_result( $groups ); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Select Users</b></span></td> </tr> <tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> $message<p> <a href=\"{$Globals['maindir']}/adm-users.php?ppaction=emailusers\">Click to email all members</a> <p><a href=\"{$Globals['maindir']}/adm-users.php?ppaction=users&do=findusers\">Click to list all $numusers users</a> or use the advanced search box below.<p> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"><tr><td> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\"><tr> <td class=\"{$Style['menubar']}\" colspan=\"2\">Select users where: (leave a field blank to ignore it)</td></tr> <tr><td class=\"{$Style['tddetails']}\">Username contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\" value=\"$eusername\" name=\"susername\"></td></tr> <tr><td class=\"{$Style['tddetails']}\">and email contains:</td><td class=\"{$Style['tddetails']}\"><input type=\"text\" value=\"$email\" name=\"email\"></td></tr> <tr><td class=\"{$Style['tddetails']}\">and usergroup is:</td><td class=\"{$Style['tddetails']}\"><select name=\"susergroupid\">$groupopt </select></td></tr> </table></td></tr></table><p> <input type=\"hidden\" name=\"ppaction\" value=\"users\"> <input type=\"hidden\" name=\"do\" value=\"findusers\"> <input type=\"submit\" value=\"Find users\"> </td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } if ($ppaction == "edituser") { if ($do == "process") { if ($year == "") $year="0000"; if ($month == "") $month="0"; if ($day == "") $day="0"; $birthday="$year-$month-$day"; $eusername = addslashes( $eusername ); $email = addslashes( $email ); $homepage = addslashes( $homepage ); $location = addslashes( $location ); $interests = addslashes( $interests ); $occupation = addslashes( $occupation ); $bio = addslashes( $bio ); $query = "UPDATE {$Globals['rp_db_prefix']}users SET username='$eusername',posts=$posts,usergroupid=$usergroupid,email='$email',homepage='$homepage',icq='$icq', aim='$aim',yahoo='$yahoo',birthday='$birthday',interests='$interests',occupation='$occupation',bio='$bio', location='$location' WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); // we had a change of name, need to update some stuff if ( $ousername != $eusername ) { $query = "UPDATE {$Globals['rp_db_prefix']}reviews SET username='$eusername' WHERE username='$ousername'"; $result = ppmysql_query($query,$link); $query = "UPDATE {$Globals['rp_db_prefix']}products SET user='$eusername' WHERE user='$ousername'"; $result = ppmysql_query($query,$link); } $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Edit User: $ousername"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); $redir = "{$Globals['maindir']}/adm-users.php?ppaction=edituser&uid=$uid"; forward( $redir, "Processing complete!" ); exit; } if ($uid != "") { $months = array('January','February','March','April','May','June','July','August','September','October','November','December'); $query = "SELECT username,usergroupid,homepage,icq,aim,yahoo,joindate,posts,birthday,location,interests,occupation,bio,email FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid LIMIT 1"; $resulta = ppmysql_query($query,$link); list($eusername,$usergroupid,$homepage,$icq,$aim,$yahoo,$joindate,$posts,$birthday,$location,$interests,$occupation,$bio,$email) = mysql_fetch_row($resulta); ppmysql_free_result($resulta); $birth = explode( "-", $birthday ); $bmon = intval($birth[1]); $bday = intval($birth[2]); $byear = $birth[0]; if ($bmon != "") $bmonsel = "<option value=\"$bmon\">".$months[$bmon-1]."</option>"; else $bmonsel = "<option value=\"-1\"></option>"; if ($bday != "") $bdaysel = "<option value=\"$bday\">$bday</option>"; else $bdaysel = "<option value=\"-1\"></option>"; if ($byear == "") $byear = ""; if ($byear == "0000") $byear = ""; $ppdate = formatppdate( $joindate ); $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid=$usergroupid"; $resulta = ppmysql_query($query,$link); list( $usergroupid, $groupname ) = mysql_fetch_row($resulta); ppmysql_free_result( $resulta ); $groupopt = "<option selected value=\"$usergroupid\">$groupname</option>"; $query = "SELECT groupid,groupname FROM {$Globals['rp_db_prefix']}usergroups WHERE groupid !='$usergroupid'"; $groups = ppmysql_query($query,$link); while ( list( $groupid, $groupname ) = mysql_fetch_row( $groups ) ) { $groupopt .= "<option value=\"$groupid\">$groupname</option>"; } if ( $groups ) ppmysql_free_result( $groups ); $months = array('January','February','March','April','May','June','July','August','September','October','November','December'); adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost User</b></span> </span></td> </tr><tr> <td class=\"{$Style['tdbackground']}\"><div align=\"center\"><br /> <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" class=\"{$Style['tableborders']}\"> <tr><td class=\"{$Style['tddetails']}\"> <table border=\"0\" cellpadding=\"5\" cellspacing=\"1\"> <tr> <td align=\"left\" colspan=\"2\" class=\"{$Style['menubar']}\"><span class=\"{$Style['small']}\"><b>Edit Profile for $eusername</span> </span></td></tr> <form method=\"post\" action=\"{$Globals['maindir']}/adm-users.php\"> <tr><td align=\"left\"> <span class=\"{$Style['medium']}\">Date Registered</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\">$ppdate</span></td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Username:</span></td> <td class=\"{$Style['tddetails']}\" align=\"left\"> <span class=\"{$Style['medium']}\"><input type=\"text\" name=\"eusername\" size=\"25\" maxlength=\"100\" value=\"$eusername\"> <input type=\"hidden\" name=\"ousername\" value=\"$eusername\"> </td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Usergroup</span></td> <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\"><select name=\"usergroupid\">$groupopt </select></td></tr> <tr><td align=\"left\"><span class=\"{$Style['medium']}\">Email</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\"> <input type=\"text\" name=\"email\" size=\"25\" maxlength=\"100\" value=\"$email\"></td></tr> <tr> <td align=\"left\"><span class=\"{$Style['medium']}\">Posts</span></td> <td align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"posts\" size=\"10\" maxlength=\"25\" value=\"$posts\"></td></tr>"; if ( $Globals['getoptional'] == "yes" ) { $output .= "<tr> <td class=\"{$Style['tddetails']}\" align=\"left\"><span class=\"{$Style['medium']}\">Birthday</span></td><td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"> <table border=\"0\" cellspacing=\"0\" cellpadding=\"2\"> <tr> <td align=\"center\"><span class=\"{$Style['small']}\">Month</span></td> <td align=\"center\"><span class=\"{$Style['small']}\">Day</span></td> <td align=\"center\"><span class=\"{$Style['small']}\">Year</span></td> </tr><tr> <td><span class=\"{$Style['small']}\" ><select name=\"month\"> $bmonsel"; for ( $m=0; $m < 12; $m++ ) { $output .= "<option value=\"".($m+1)."\">".$months[$m]."</option>\n"; } $output .= "</select></span></td> <td><span class=\"{$Style['small']}\"><select name=\"editday\"> $bdaysel"; for ( $x=1; $x < 32; $x++ ) { $output .= "<option value=\"$x\" >$x</option>\n"; } $output .= "</select></span></td> <td><span class=\"{$Style['small']}\"><input type=\"text\" name=\"year\" value=\"$byear\" size=\"{$Globals['fontlarge']}\" maxlength=\"4\"></span></td> </tr> </table> </td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"medium\">Homepage:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"homepage\" value=\"$homepage\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Biography:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"bio\" value=\"$bio\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Location:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"location\" value=\"$location\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Interests:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"interests\" value=\"$interests\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">ICQ:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"icq\" value=\"$icq\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">AIM:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"aim\" value=\"$aim\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\">Yahoo:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor1']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"yahoo\" value=\"$yahoo\" size=\"25\" maxlength=\"250\"></span></td> </tr><tr> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\">Occupation:</span><br /> </td> <td bgcolor=\"{$Globals['altcolor2']}\" align=\"left\"><span class=\"{$Style['medium']}\"><input type=\"text\" name=\"occupation\" value=\"$occupation\" size=\"25\" maxlength=\"250\"></span></td> </tr>"; } $output .= "</table> </td></tr></table><p> <div align=\"center\"> <input type=\"hidden\" name=\"ppaction\" value=\"edituser\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"submit\" value=\"Save Changes\"> </form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } } if ($ppaction == "deluser") { if ($do == "process") { $query = "DELETE FROM {$Globals['rp_db_prefix']}reviews WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); $query = "SELECT bigimage,cat FROM {$Globals['rp_db_prefix']}products WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); while ( list( $filename, $thecat ) = mysql_fetch_row($resulta) ) { remove_all_files( $filename, $uid, $thecat ); } if ( $resulta ) ppmysql_free_result( $resulta ); //# end delete the files //# $query = "DELETE FROM {$Globals['rp_db_prefix']}products WHERE userid=$uid"; $resulta = ppmysql_query($query,$link); $query = "DELETE FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); $query = "SELECT username FROM {$Globals['rp_db_prefix']}users WHERE userid=$uid"; $resulta = ppmysql_query($query,$db_link); list( $username ) = mysql_fetch_row($resulta); $ipaddr = findenv("REMOTE_ADDR"); $date = time(); $what = "Delete User: $username"; $what = addslashes($what); $query = "REPLACE INTO {$Globals['rp_db_prefix']}admlog (adminuser,ip,datestamp,description) VALUES ('{$User['username']}','$ipaddr','$date','$what')"; $resultb = ppmysql_query($query,$link); $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users"; forward( $forwardid, "Finished processing user request!" ); exit; } //# Generate an 'are you sure' you want to delete? form... adminheader( 0, "ReviewPost Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Remove User</b></span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> You're about to delete user \"$inusername\", and <b>ALL PRODUCTS/POSTS THAT HE/SHE HAS SUBMITTED</B>.<p> Are you sure you want to do that? <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\"> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"ppaction\" value=\"deluser\"> <input type=\"submit\" value=\"I'm sure, delete the user.\"></form></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } if ($ppaction == "emailusers") { if ($do == "process") { $query = "SELECT userid,username,email FROM {$Globals['rp_db_prefix']}users ORDER BY username"; $fusers = ppmysql_query($query,$link); $posts = mysql_num_rows($fusers); print "Emailing $posts members, please wait... depending on the number of users, this may take a while...<br><br>"; $subject = addslashes( $subject ); $letter = addslashes( $letter ); $from_email = "From: {$Globals['adminemail']}"; while ( list($euserid,$eusername,$email) = mysql_fetch_row($fusers) ) { mail( $email, $subject, $letter, $from_email ); } ppmysql_free_result( $fusers ); $forwardid = "{$Globals['maindir']}/adm-users.php?ppaction=users"; forward( $forwardid, "Finished emailing users!" ); exit; } $emailmessage = "Type your email message here."; $subject = "Type your subject here."; adminheader( 0, "ReviewPost Email Users" ); $output = "<div align=\"center\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" class=\"{$Style['tableborders']}\" width=\"{$Globals['tablewidth']}\" align=\"center\"><tr><td> <table cellpadding=\"2\" cellspacing=\"1\" border=\"0\" width=\"100%\"> <tr> <td colspan=\"4\" align=\"left\" class=\"{$Style['menubar']}\"><span class=\"{$Style['large']}\"><b>ReviewPost Email Users</b></span></td> </tr><tr> <td class=\"{$Style['tddetails']}\"><div align=\"center\"><br /> You are about to email all of your users. Please enter the message you wish to send below (HTML acceptable)<br><br> <form action=\"{$Globals['maindir']}/adm-users.php\" method=\"post\"> <input type=\"text\" value=\"$subject\" size=\"60\" name=\"subject\" /><br><br> <textarea name=\"letter\" cols=\"60\" rows=\"12\">$emailmessage</textarea><br><br> <input type=\"hidden\" name=\"uid\" value=\"$uid\"> <input type=\"hidden\" name=\"do\" value=\"process\"> <input type=\"hidden\" name=\"ppaction\" value=\"emailusers\"> <input type=\"submit\" value=\"Email Now!\"></form><br><br></td></tr></table></td></tr></table>"; print "$output<p><p>"; adminfooter(); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/#findComment-622699 Share on other sites More sharing options...
thunder_sti Posted August 23, 2008 Author Share Posted August 23, 2008 bumpage.... Quote Link to comment https://forums.phpfreaks.com/topic/120805-adminphp/#findComment-623838 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.