API tools faq
paste
Guest User

userlist

a guest
May 29th, 2013
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.55 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. require_once('authenticate.php');
  3. include_once('includes/header.inc.php');
  4. include_once('includes/navigation.inc.php');
  5. //variable for email used in login
  6. $email = $_SESSION['email'];
  7. //selects profile in database that correlates with $email variable
  8. $result = mysql_query("SELECT * FROM users WHERE email='$email'") or die(mysql_error());
  9. $row = mysql_fetch_array($result);
  10. //variable check for admin value in database
  11. $admin = $row['admin'];
  12. //if the user is an admin he will proceed
  13. if ($admin == '1') {
  14. $idQuery = "SELECT * FROM users ORDER BY id LIMIT 0, 20";
  15. $id_result = mysql_query($idQuery, $dbhandle);
  16. if (isset($_GET["page"])) { $page = $_GET["page"]; } else { $page=1; };
  17. $start_from = ($page-1) * 20;
  18. $columnname = "";
  19. if ($_GET['columnname']) {
  20. $columnname = $_GET['columnname'];
  21. } else {
  22. $columnname = "ID";
  23. }
  24. $order = "";
  25. if ($_GET['order']) {
  26. $order = $_GET['order'];
  27. } else {
  28. $order = "";
  29. }
  30. if ($order == "") {
  31. $order = "ASC"; }
  32. elseif ($order == "ASC") {
  33. $order = "DESC";}
  34. elseif ($order == "DESC") {
  35. $order = "ASC";}
  36. if ($columnname == "")
  37. {$columnname = "id"; }
  38. $query = mysql_query("SELECT * FROM users ORDER BY $columnname $order LIMIT $start_from, 20");
  39. $sqlr = "SELECT COUNT(id) FROM users";
  40. $rs_result = mysql_query($sqlr,$dbhandle);
  41. $rowr = mysql_fetch_row($rs_result);
  42. $total_records = $rowr[0];
  43. $total_pages = ceil($total_records / 20);
  44.  
  45. function sanitizez($data) {
  46. $data=trim($data);
  47. $data=htmlspecialchars($data);
  48. $data=mysql_real_escape_string($data);
  49. return $data;
  50. }
  51. function HashPassword($input) {
  52. //Credits: http://crackstation.net/hashing-security.html
  53. //This is secure hashing the consist of strong hash algorithm sha 256 and using highly random salt
  54. $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
  55. $hash = hash("sha256", $salt . $input);
  56. $final = $salt . $hash;
  57. return $final;
  58. }
  59. ?>
  60. <h2>User List</h2>
  61. <div id="userlist">
  62. <div class="row title">
  63. <div class="column id no-border">
  64. <a href="?columnname=id&order=asc"><h2 title="Arrange User ID in numerical order - This is active by default" alt="Arrange User ID in numerical order - This is active by default" class="tt-n">User ID</h2></a>
  65. </div>
  66. <div class="column email no-border">
  67. <a href="?columnname=email&order=asc"><h2 title="Arrange list by Email Address in alphabetical order" alt="Arrange list by Email Address in alphabetical order" class="tt-n">Email Address</h2></a>
  68. </div>
  69. <div class="column loginattempt no-border">
  70. <a href="?columnname=loginattempt&order=desc"><h2 title="Arrange list by the greatest number of Login Attempts to the least" alt="Arrange list by the greatest number of Login Attempts to the least" class="tt-n">Login Attempts</h2></a>
  71. </div>
  72. <div class="column admin no-border">
  73. <a href="?columnname=admin&order=desc"><h2 title="Arrange list by those who have Admin privileges to those who don't" alt="Arrange list by those who have Admin privileges to those who don't" class="tt-n">Admin</h2></a>
  74. </div>
  75. </div>
  76. <?php while ($queryf = mysql_fetch_array($query)) { ?>
  77. <div class="row">
  78. <div class="column id">
  79. <h5><?php echo $queryf['id']; ?></h5>
  80. </div>
  81. <div class="column email">
  82. <?php echo $queryf['email']; ?>
  83. </div>
  84. <div class="column loginattempt">
  85. <h5><?php echo $queryf['loginattempt']; ?></h5>
  86. </div>
  87. <div class="column admin">
  88. <?php
  89. $rowid = $queryf['id'];
  90. $emailr = $queryf['email'];
  91. if ($queryf['admin'] == '1') {
  92. if(!empty($_POST['submit-id'.$rowid.''])){
  93. $adminYes = "UPDATE users SET admin = '0' where email = '$emailr'";
  94. mysql_query($adminYes);
  95. }
  96. echo '<form action="" method="post">
  97. <input name="submit-id'.$rowid.'" type="submit" class="btnLogin tt-ul" value="Enabled" title="Clicking will remove admin privileges from: '; echo $emailr; echo '" />
  98. </form>';
  99. } else {
  100. echo '<form action="" method="post" id="confirm">';
  101. if(!empty($_POST['submit-id'.$rowid.''])){
  102. $adminNo = "UPDATE users SET admin = '1' where email = '$emailr'";
  103. mysql_query($adminNo);
  104. }
  105. echo '<input name="submit-id'.$rowid.'" type="submit" class="btnLogin tt-ul" value="Disabled" title="Clicking will grant admin privileges to: ';echo $emailr;echo '" />
  106. </form>';
  107. }
  108. ?>
  109. </div>
  110. <div class="column editprofile"><a href="" title="Edit profile: <?php echo $emailr ?>" alt="Edit Profile" class="edit-profile tt-ul">Edit Profile</a></div>
  111. <div class="column deleteprofile">
  112. <form onsubmit="return false;" action="" method="post">
  113. <input name="submit" type="submit" class="btnLogin tt-ul" value="Delete" title="Clicking will delete profile: <?php echo $emailr; ?>" />
  114. </form>
  115. </div>
  116. </div>
  117. <div class="row hide-id">
  118. <h2>Profile: <?php echo $emailr ?></h2>
  119. <ul id="settings">
  120. <a href="" style="width:150px"><li title="Change this user's password" alt="Change Password" class="tt-w">Change Password</li></a>
  121. <?php
  122. if(isset($_POST['p-'.$rowid.''])) {
  123. $newpassword = sanitizez($_REQUEST['np-'.$rowid.'']); {
  124. $hashedpassword = HashPassword($newpassword);
  125. }
  126. $sql = "UPDATE users SET password = '$hashedpassword' where email = '$emailr'";
  127. mysql_query($sql);
  128. }
  129. ?>
  130. <div class="hide-form">
  131. <form class="box login" action="userlist.php" method="post" id="p-<?php echo $rowid ?>">
  132. <fieldset class="boxBody">
  133. <label lang="en" for="newpassword">New Password:</label>
  134. <input type="password" name="newpassword" id="newpassword" tabindex="1" title="Must be alphanumeric and greater than 8 characters" class="tt-w" />
  135. <label lang="en" for="cpassword">Confirm Password:</label>
  136. <input type="password" name="cpassword" id="cpassword" tabindex="2" title="Re-type password" class="tt-w" />
  137. </fieldset>
  138. <footer>
  139. <input lang="en" name="np-<?php echo $rowid ?>" type="submit" class="btnLogin" value="Change Password" tabindex="3" />
  140. </footer>
  141. </form>
  142. </div>
  143. <a href="" style="width:170px"><li title="Update this user's email address" alt="Update Email Address" class="tt-w">Update Email Address</li></a>
  144. <div class="hide-form">
  145. <form class="box login" action="?go=updated" method="post">
  146. <fieldset class="boxBody">
  147. <label lang="en" for="newpassword">New Email Address:</label>
  148. <input type="text" name="newpassword" id="newpassword" tabindex="1" title="Using [email protected] format" class="tt-w" />
  149. <label lang="en" for="cpassword">Confirm Email Address:</label>
  150. <input type="text" name="cpassword" id="cpassword" tabindex="2" title="Re-type email address" class="tt-w" />
  151. </fieldset>
  152. <footer>
  153. <input lang="en" name="submit" type="submit" class="btnLogin" value="Update Email Address" tabindex="3" />
  154. </footer>
  155. </form>
  156. </div>
  157. <?php
  158. if ($queryf['loginattempt'] <= '5') {
  159. if(!empty($_POST['lattempt-id'.$rowid.''])){
  160. $banUser = "UPDATE users SET loginattempt = '9' where email = '$emailr'";
  161. mysql_query($banUser);
  162. }
  163. echo '<form action="" method="post">
  164. <input name="lattempt-id'.$rowid.'" type="submit" class="tt-w" value="Ban User" title="Click to ban this user" />
  165. </form>
  166. <div class="hide-form">';
  167. } else {
  168. if ($queryf['loginattempt'] >= '6') {
  169. if(!empty($_POST['lattempt-id'.$rowid.''])){
  170. $unbanUser = "UPDATE users SET loginattempt = '0' where email = '$emailr'";
  171. mysql_query($unbanUser);
  172. }
  173. echo '<form action="" method="post" id="confirm">
  174. <input name="lattempt-id'.$rowid.'" type="submit" class="tt-w" value="Unban User" title="Click to unban user" />
  175. </form>';
  176. }
  177. }
  178. ?>
  179. </ul>
  180. </div>
  181. <?php
  182. }
  183. echo '<div id="pages"><p style="float:left;margin-right: 5px;">Pages: </p>';
  184. for ($i=1; $i<=$total_pages; $i++) {
  185. echo "<a href='?page=".$i."'><div title='Go to page ".$i."' class='tt-ul pagenumbers'>".$i."</div></a>";
  186. };
  187. echo '</div>';
  188. echo '<p style="font-style:italic;float:left;margin: 10px 0 0 -30px">The database has a total of '.$total_records.' profiles.</p>';
  189. $row = mysql_fetch_assoc($id_result);
  190. ?>
  191. </div>
  192. <?php
  193. } else {
  194. echo '<h2>Restricted Access</h2><p align="center">Only Administrators can access this page. Please log in to your account to proceed.</p>';
  195. }
  196. include_once('includes/footer.inc.php');
  197. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!