- <?php
// Bootstrap the panel. $MCP_User and $head are used below without being defined in this
// file, so they are presumably created by core.php (confirm against that file).
require_once dirname(__FILE__) . '/core.php';

// Server-side authorisation gate. It runs before the command dispatch further down, so it
// also covers the AJAX requests the page's own JavaScript sends to users.php?textonly=1.
if (!$MCP_User->staff_gpuser) {
    echo "<div class='error'>You aren't permitted to access this section of the panel.</div>";
    $head->Footer();
    exit;
}
// Client-side helpers for the add / edit / remove forms. Each one POSTs the form values back
// to users.php and injects the response with .html(), so every byte the handlers echo is
// parsed as markup in the staff member's browser and must already be HTML-escaped.
// NOTE(review): none of the payloads built here carries an anti-CSRF token; the only
// server-side check visible in this file is the staff_gpuser gate.
echo <<<'JS'
<script type='text/javascript'>
function AddUser(){
data = {
Ready: 1,
username: $("[name=username]").val(),
login_name: $("[name=login_name]").val(),
password: $("[name=password]").val(),
email: $("[name=email]").val()
}
$.post("users.php?textonly=1&cmd=user_add",data, function(data){ $("#output_").html(data).show(500); });
}
function EditUser(step){
if(step=="step1"){
data = {
Step1: 1,
user: $("[name=user_dropdown]").val()
}
$(".content").slideUp();
$.post("users.php?textonly=1&cmd=user_edit",data,function(data){ $(".content").slideDown().html("<div id='output_'></div>" + data); });
}
if(step=="step2"){
data2 = {
Step1: 1,
Step2: 1,
userid: $("#user").val(),
username: $("[name=username]").val(),
login_name: $("[name=login_name]").val(),
level: $("[name=level]").val(),
money: $("[name=money]").val(),
crystals: $("[name=crystals]").val(),
donatordays: $("[name=ddays]").val(),
email: $("[name=email]").val()
}
$.post("users.php?textonly=1&cmd=user_edit",data2,function(data){ $("#output_").html(data).show(500); });
}
}
function RemoveUser(){
data = {
Ready: 1,
userid: $("[name=user_dropdown]").val()
}
$.post("users.php?textonly=1&cmd=user_remove",data,function(data){ $("#output_").html(data).show(500); });
}
</script>
JS;
// Normalise the requested command: a missing or non-string value (e.g. cmd[]=x) becomes FALSE.
$_GET['cmd'] = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? $_GET['cmd'] : FALSE;

// Dispatch against a fixed set of literals. The request value is only ever compared, never
// used as a function name, so unknown commands fall through to the landing view.
if ($_GET['cmd'] === 'user_add') {
    user_add();
} elseif ($_GET['cmd'] === 'user_edit') {
    user_edit();
} elseif ($_GET['cmd'] === 'user_remove') {
    user_remove();
} else {
    index();
}
/**
 * Landing view: prints the three icon links (add, edit, remove) and the page footer.
 *
 * Emits only fixed markup; no request data is read or echoed here.
 */
function index(){
    global $head;

    // command => icon file, in display order
    $Actions = array(
        'user_add'    => 'user_add.png',
        'user_edit'   => 'user_edit.png',
        'user_remove' => 'user_delete.png',
    );

    $Markup = '<br />';
    foreach ($Actions as $Cmd => $Icon) {
        $Markup .= "\n<a href='users.php?cmd=" . $Cmd . "'><img src='Themes/Carbon Pink/icons/" . $Icon . "' /></a>";
    }
    echo $Markup;

    $head->Footer();
}
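/**
 * Staff action: show the "Add User" form, or create the account once the form is posted.
 *
 * Reads $_POST['Ready'], 'username', 'login_name', 'password' and 'email'. Writes HTML to the
 * response and, on success, inserts one row into `users`.
 *
 * Security notes:
 *  - The posted username is HTML-escaped before being echoed back. The response is injected
 *    into the page with .html(), so an unescaped value would run as script in the staff
 *    member's session.
 *  - NOTE(review): the password is stored as unsalted MD5, which is not a password hash.
 *    Moving to password_hash()/password_verify() has to be done together with the login
 *    check, which is not shown here, so the stored format is left unchanged.
 *  - NOTE(review): ext/mysql was removed in PHP 7. The $db wrapper is not visible here, so
 *    the queries still use mysql_real_escape_string(); prefer prepared statements when the
 *    wrapper is migrated.
 *  - NOTE(review): the request carries no anti-CSRF token.
 */
function user_add(){
    global $db, $head;

    // No submission yet: render the form and stop.
    if (empty($_POST['Ready'])) {
        echo <<<'HTML'
<h3>Add User</h3>
<form method="post" onsubmit="AddUser();return false;">
Username: <input type='text' name='username' /><br />
Login Name: <input type='text' name='login_name' /><br />
Password: <input type='password' name='password' /><br />
Email: <input type='text' name='email' /><br />
<input type='submit' />
</form>
HTML;
        $head->Footer();
        return;
    }

    // Every field must be a non-empty string. is_string() rejects array-valued parameters
    // (e.g. username[]=x), which would otherwise reach the escaping functions as arrays.
    foreach (array('username', 'login_name', 'password', 'email') as $Field) {
        if (empty($_POST[$Field]) || !is_string($_POST[$Field])) {
            echo '<div class=\'error\'>One or more required fields are empty</div>';
            return;
        }
    }

    $Exists_Sql = "SELECT `login_name` FROM `users` WHERE `login_name`='".
        mysql_real_escape_string($_POST['login_name'])."'";
    if ($db->num_rows($db->query($Exists_Sql))) {
        echo '<div class=\'error\'>A user with this login name already exists</div>';
        return;
    }

    $User_Sql = 'INSERT INTO `users` (username,login_name,userpass,email) '.
        'VALUES("'.mysql_real_escape_string($_POST['username']).'",'.
        '"'.mysql_real_escape_string($_POST['login_name']).'",'.
        '"'.mysql_real_escape_string(md5($_POST['password'])).'",'.
        '"'.mysql_real_escape_string($_POST['email']).'")';

    // Run the insert first, then report success.
    $db->query($User_Sql);
    echo '<div class=\'success\'>User "'.htmlentities($_POST['username'], ENT_QUOTES).'" has successfully been added.</div>';
}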
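/**
 * Staff action: three-step user editor.
 *
 *  1. No $_POST['Step1']: render the user picker.
 *  2. 'Step1' without 'Step2': load the user named by $_POST['user'] and render the edit form.
 *  3. 'Step1' and 'Step2': write the posted fields to the user named by $_POST['userid'].
 *
 * Security notes:
 *  - The user id is accepted only as a plain positive decimal number before it is placed in
 *    SQL. It was previously concatenated unquoted into the WHERE clause.
 *  - Column names come from a fixed allow-list. Previously every posted key was used as a
 *    column name, so a request could name any column of `users` (e.g. `userpass`) and the
 *    key itself reached the SQL text unescaped.
 *  - All fields are validated before anything is written, and the change is applied in one
 *    UPDATE, so a missing field no longer leaves the row half-updated.
 *  - Stored values are HTML-escaped when placed into the form's value="" attributes.
 *  - NOTE(review): level/money/crystals/donatordays are still passed as escaped strings;
 *    add numeric validation if the schema requires it.
 *  - NOTE(review): editing your own account is only prevented by the disabled <option> in
 *    the picker, not on the server, and the request carries no anti-CSRF token.
 */
function user_edit(){
    global $db, $head;

    // Step 1 of 3: pick a user.
    if (empty($_POST['Step1'])) {
        echo '<h3>Edit User</h3><br />';
        $User_Drop_Sql = 'SELECT `userid`,`username` '.
            'FROM `users` '.
            'ORDER BY `userid` ASC';
        $User_Drop = $db->query($User_Drop_Sql);
        echo '<select name=\'user_dropdown\' onchange=\'EditUser("step1");\'>
<option value=\'0\'>-> Select a User <-</option>';
        while ($fetch = mysql_fetch_object($User_Drop)) {
            $disabled = ($fetch->userid==$_SESSION['user']) ? 'disabled' : '';
            echo '<option class=\''.$disabled.'\' value=\''.$fetch->userid.'\' '.$disabled.'>'.htmlentities($fetch->username).'</option>';
        }
        echo '</select>';
        $head->Footer();
        return;
    }

    // Step 2 posts the id as "user", step 3 as "userid" (see EditUser() in the page script).
    $Id_Field = empty($_POST['Step2']) ? 'user' : 'userid';
    $User_Id = (isset($_POST[$Id_Field]) && is_string($_POST[$Id_Field])) ? $_POST[$Id_Field] : '';
    // Digits only, no leading zero, at most 10 digits: safe to concatenate into SQL as-is.
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $User_Id)) {
        echo '<div class=\'error\'>Invalid user selected.</div>';
        return;
    }

    // Step 2 of 3: show the current values.
    if (empty($_POST['Step2'])) {
        echo '<h3>Edit User</h3><br />';
        $Edit_User_Sql = 'SELECT `userid`,`username`,`login_name`,`level`,`money`,`crystals`,`donatordays`,`email` '.
            'FROM `users` '.
            'WHERE `userid`='.$User_Id;
        $Edit_User = $db->query($Edit_User_Sql);
        $UserDetails = mysql_fetch_object($Edit_User);
        if (!$UserDetails) {
            echo '<div class=\'error\'>Invalid user selected.</div>';
            return;
        }

        // Escape every stored value for the double-quoted attribute context it is printed in.
        $Safe = array();
        foreach (array('username', 'login_name', 'email', 'level', 'money', 'crystals', 'donatordays') as $Column) {
            $Safe[$Column] = htmlentities((string) $UserDetails->$Column, ENT_QUOTES);
        }

        echo '<form method="post">
<input type="hidden" id="user" value="'.$User_Id.'" />
Username: <input type="text" name="username" value="'.$Safe['username'].'" /><br />
Login Name: <input type="text" name="login_name" value="'.$Safe['login_name'].'" /><br />
E-Mail: <input type="email" name="email" value="'.$Safe['email'].'" /><br />
Level: <input type="text" name="level" value="'.$Safe['level'].'" /><br />
Money: <input type="text" name="money" value="'.$Safe['money'].'" /><br />
Crystals: <input type="text" name="crystals" value="'.$Safe['crystals'].'" /><br />
Donator Days: <input type="text" name="ddays" value="'.$Safe['donatordays'].'" /><br />
<input type="submit" onclick="EditUser(\'step2\');return false;" /><br /><br />
</form>';
        return;
    }

    // Step 3 of 3: only these columns may be written, whatever else the request contains.
    $Editable = array('username', 'login_name', 'level', 'money', 'crystals', 'donatordays', 'email');
    $Assignments = array();
    foreach ($Editable as $Column) {
        if (!isset($_POST[$Column]) || !is_string($_POST[$Column]) || strlen($_POST[$Column]) <= 0) {
            echo '<div class=\'error\'>One or more required fields are missing.</div>';
            return;
        }
        $Assignments[] = '`'.$Column."`='".mysql_real_escape_string($_POST[$Column])."'";
    }

    $db->query('UPDATE `users` SET '.implode(',', $Assignments).' WHERE `userid`='.$User_Id);
    echo '<div class=\'success\'>User "'.htmlentities($_POST['username']).'" has been edited</div>';
}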
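/**
 * Staff action: show the "Remove User" picker, or delete the selected account when posted.
 *
 * Reads $_POST['Ready'] and $_POST['userid']; on success deletes one row from `users`.
 *
 * Security notes:
 *  - The id is accepted only as a plain positive decimal number. It was previously
 *    concatenated unquoted into the DELETE, so any posted text became part of the WHERE
 *    clause of a destructive statement.
 *  - NOTE(review): removing your own account is only prevented by the disabled <option> in
 *    the picker, not on the server, and the request carries no anti-CSRF token.
 */
function user_remove(){
    global $db, $head;

    // No submission yet: render the picker and stop.
    if (empty($_POST['Ready'])) {
        $User_Drop_Sql = 'SELECT `userid`,`username` '.
            'FROM `users` '.
            'ORDER BY `userid` ASC';
        $User_Drop = $db->query($User_Drop_Sql);
        echo '<h3>Remove User</h3><br />';
        echo '<form method="post" onsubmit="RemoveUser();return false;">
<select name=\'user_dropdown\'>
<option value=\'0\'>-> Select a User <-</option>';
        while ($fetch = mysql_fetch_object($User_Drop)) {
            $disabled = ($fetch->userid==$_SESSION['user']) ? 'disabled' : '';
            echo '<option class=\''.$disabled.'\' value=\''.$fetch->userid.'\' '.$disabled.'>'.htmlentities($fetch->username).'</option>';
        }
        echo '</select>
<input type=\'submit\' />
</form>';
        $head->Footer();
        return;
    }

    $User_Id = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : '';
    // Digits only, no leading zero, at most 10 digits: safe to concatenate into SQL as-is.
    // This also rejects the picker's placeholder value "0".
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $User_Id)) {
        echo '<div class=\'error\'>Invalid user selected.</div>';
        return;
    }

    // Delete first, then report success.
    $db->query("DELETE FROM `users` WHERE `userid`=".$User_Id);
    echo '<div class=\'success\'>User has been removed</div>';
}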
- ?>